Management

Available in Classic and VPC

In Management, it describes how to manage projects and groups integrated with project and group menus in the console, set notifications, and manage saved searches (queries).

Project management

You can check the information of the projects integrated with project menus in the console and manage log fields.

Project page

The basics of the Management > Project menu in Web App are as follows:
elsa2-web-project_screen_ko

Area	Description
① Team name search bar	Search projects by team name
② Platform	Select or deselect platforms to filter projects
③ View long-term unused projects	Select or deselect to view long-term unused projects and filter projects
④ Viewing method	View in widgets or charts
⑤ Sorting method	Select a sorting method
⑥ Search bar	Search projects by project names or txtToken
⑦ Project list	Displays projects in widgets or charts depending on the viewing method Click the project name to go to project detail page (Refer to View project details)

View project details

To check project details in Web App's Management > Project menu, follow these steps:

Access Web App. (Refer to Access Web App)
Click Management > Project.
Click the name of the project to check from the list (widget or chart).
- You can search projects using the searching or filtering feature.
Check project's details.
- By clicking the [Search] button on the top right, you can run a log search for the project. (Refer to Search logs)
- Basic information: displays information of the project created in the console
- Daily log usage: displays the current status based on the Maximum daily collectible log capacity set in the console
- Request status in the last 30 days: displays the number of searches and search range in charts based on the Log retention period set in the console
- Log sampling: display current status based on the Log sampling set in the console
- Log notification: currently under preparation
- Usage in the last 30 days: displays log usage in charts based on the Log retention period set in the console
- Schema: you can check, add, and manage schemas used for transferring logs or searching (Refer to Add and manage schemas)

Add and manage schemas

To add, edit, and delete schemas of the project in Web App's Management > Project menu, follow these steps:

Access Web App. (Refer to Access Web App)
Click Management > Project.
Click the name of the project from the list (widget or chart).
- You can search projects using the searching or filtering feature.
In the Schema field, click [Add schema].
Enter or select the field information in the field addition popup window and click [Save].
- Field name: enter the name of the field to create
- Data type: select the type of data
- Data format: displays when the data type is selected as date
- The field is created and displayed on the list.
If necessary, edit or delete the fields you added.
- The basic field of the project cannot be edited or deleted.
- To edit the added field, click , edit the field, and click [Save].
- To delete the added field, click and [OK].
- You can search fields by names in the search bar on the schema list.

Note

When a new field is found in the collected logs, the field is added to the schema. The added field has the String type by default. When data computation is required, you need to change the type of field added to the schema to the type suitable for the computation.
When changing the field type before 20:45, the changed type is applied to the data collected after the date of the change. When changing the field type after 20:45, the changed type is applied to the data collected 2 days after the date of the change.
As schemas are applied on a daily basis, you cannot change the data type for any collected data before the application.

Manage groups

You can check the information of groups integrated with group menus in the console.

Note

While most of the NELO feature is provided for each project, Kibana's Dashboard feature uses group units.
For how to set the basic group, see System setup.

Group page

The basics of the Management > Group menu in Web App are as follows:
elsa2-web-group_screen_ko

Area	Description
① Viewing method	View in widgets or charts
② Sorting method	Select a sorting method
③ Search bar	Searches projects by group name
④ Group list	Displays groups in widgets or charts depending on the viewing method Click the project name to go to group detail page (Refer to View group details)

View group details

To check group details in Web App's Management > Group menu, follow these steps:

Access Web App. (Refer to Access Web App)
Click Management > Group.
Click the name of the group to check from the list (widget or chart).
- You can search groups using the searching or filtering feature.
Check group's details.
- Project name: displays the name of the project added to the group in the console
  - Click the project name to go to the project page in Web App. (Refer to Manage projects)
- Action: displays action details that can be done with the project
  - By clicking , you can run a log search for the project. (Refer to Search logs)
- By clicking the [Search] button on the top right, you can run a log search for all projects in the group. (Refer to Search logs)

Manage notifications

With the notification feature, you can set to send notifications in a method that the user sets when the number of logs satisfying certain Lucene queries is found to exceed a certain threshold.

Notification page

The basics of the Management > Notification menu in Web App are as follows:
elsa2-web-alert_screen_ko

Area	Description
① Search	Only when the notification search condition is set to On, sub-options (Whole/Detect anomalies/No anomaly) can be selected
② Urgency	Filters notifications by urgency level
③ Change in the last status	Enter the time range manually to change the notification filtering time units can be changed
④ Project	Search or select a project to filter notifications
⑤ Viewing method	View in widgets or charts
⑥ Add notification	Add new notification
⑦ Sorting method	Select a sorting method
⑧ Search bar	Searches notifications by notification name
⑨ Notification list	Displays in widgets or charts depending on the viewing method Click the notification name to go to notification detail page Click and the log search is executed for projects assigned in the notification (Refer to Search logs) Click to notification name to go to the notification detail page : turns on/off the widget or chart notification : Delete notification or Edit notification in the widget : Delete notification in the chart : Edit notification in the chart

View notification details

To check notification details in Web App's Management > Notification menu, follow these steps:

Access Web App. (Refer to Access Web App)
Click Management > Notification.
Click the name of the notification to check details from the list (widget or chart).
- You can search projects using the searching or filtering feature.
- For more information on notification details, see Add notification.
- Basic information: displays information of the notification set when creating the notification
- Condition: displays conditions and description of the notification set when creating the notification
- Detail Setting: detailed setting options set when creating the notification
- Session: displays data and the status of the session
- History: displays the task history of the notification

Add notification

To add a notification in Web App's Management > Notification menu, follow these steps:

Access Web App. (Refer to Access Web App)
Click Management > Notification.
Click the [Add notification] button.
Enter the information of the notification to add in the notification addition popup window.
- Basic information
  - Name: enter the name of the notification to create
  - Urgency: select the urgency level
  - Project: select the project for the notification
  - Query: enter the query to run the notification
- Condition
  - Threshold: enter the threshold(number of logs) for which the anomaly is detected in Range and Every condition set in the Window
    - >=: select when the number of logs exceeds the entered number of logs
    - <=: select when the number of logs is below the entered number of logs
    - To change the threshold depending on time and day, select and activate Would you like to have the threshold changed by time and day? and then set the Variable threshold item, which is displayed additionally.
  - Window: enter the Range and Every conditions
  - Final notification settings: displays the description of the set Threshold and Window
- Detailed settings (When clicking View more of detailed settings)
  - Field to group: enter the field to group
    - Grouping is only supported in the >= condition.
  - Callback: set callback conditions
    - Click the [+] button to set in the callback addition popup window.
    - Status: select whether to apply a callback
    - URL: enter the callback URL to call when an event occurs
    - Headers: enter the header name and value information to be delivered to the callback URL when an event occurs
    - Template: set up Template according to the following "Template setup". It is recommended to copy and paste the following values.
      - If an event occurs, enter the message to be transmitted through URL in JSON type.
      - However, to transfer event information, use the variables supported in ELSA2.0. (Refer to Template variable table)
Click the [Save] button.
- The notification is created and displayed on the list.

※ Template setup:
It is recommended to copy and paste the following Template installation values.

  {
    "summary": "{{summary}}",
    "startTime": "{{window.start}}",
    "statusEmoji": "{{status.emoji}}",
    "statusColor": "{{status.color}}",
    "statues": "{{status}}",
    "alertName": "{{name}}",
    "alertLevel": "{{level}}",
    "projectName": "{{project.name}}",
    "duration": "{{session.duration.pretty}}",
    "condition": "{{threshold.pretty.range}}",
    "observedLogs": "{{window.logs}}",
    "windowUrl": "{{window.url}}",
    "alertDetailUrl": "{{url}}",
    "descriptionHtmlEscaped": "{{description.html_escaped}}"
  }

Template variable list

The following shows the template variables used in the callback feature.

Note

The variables with their format marked as N/A are strings, but as there is no guarantee they follow certain formats, they should be used only to be shown to the user instead of being interpreted technically. Also, the string specifications of the variables with their format marked as N/A can be changed without prior notice.

Specification-related variables of the notification

Note

The variables listed in the following list stay consistent unless the user updates the notification rules. However, if the schedule feature is on, threshold-type variables can be replaced with other values depending on the day and time.
{{summary.template}} variables can only be used for the JSON template of the callback notification and are ignored for template treatment for creating summary text.

Variable	Format	Description
`{{id}}`	integer	Notification's ID (the identifier to identify this notification in NELO)
`{{url}}`	string(URL)	Notification's detail page URL
`{{name}}`	string	Notification's name
`{{level}}`	integer	Notification's urgency level
`{{description}}`	string	Description of the notification entered by the user (empty string if there is no description)
`{{description.html_escaped}}`	string	HTML tag-escaped `{{description}}`
`{{query}}`	string	Notification's Lucene query
`{{url.search}}`	string(URL)	URL to check the current logs for `{{project.id}}` and `{{query}}`
`{{project.id}}`	integer	Notification-related project's ID (the identifier that identifies the project in NELO)
`{{project.key}}`		Notification-related project's project key (projectKey)
`{{project.name}}`	string	Notification-related project's name
`{{project.url}}`	string(URL)	Notification-related project's detail page URL
`{{range.seconds}}`	integer	Search scope (unit: second)
`{{interval.seconds}}`	integer	Search cycle (unit: second)
`{{group_by}}`	string	If there is a grouping condition, field name used for grouping; If there is no grouping condition, empty string
`{{threshold.value}}`	integer	Threshold (If the notification is off by the schedule feature: -1)
`{{threhsold.operator}}`	string (off, le or ge)	If the threshold comparison condition is 'Above', `ge`, and if it is 'Below', `le`. However, if the notification is off by the schedule feature, `off`
`{{threshold.pretty}}`	N/A	Description of `{{threshold.operator}}` and `{{threshold.value}}`
`{{threshold.pretty.range}}`	N/A	Description of `{{threshold.operator}}`, `{{threshold.value}}`, and `{{window.range}}`
`{{summary.template}}`	string	If the user defines the summary template, the corresponding template (otherwise, empty string)

Status-related variables of the notification

Note

{{summary}} variables can only be used for the JSON template of the callback notification and are ignored for template treatment for creating summary text.

Variable	Format	Description
`{{status}}`	string (firing or resolved)	Notification's current status
`{{status.previous}}`	string (firing or resolved)	Notification's previous status
`{{status.emoji}}`	N/A	The emoji string that matches the notification's current status and urgency level
`{{status.color}}`	string (the RGB color code stating with #)	The color code that works well with the notification's current status
`{{status.since}}`	integer (Unixepoch time, unit: second)	An integer that shows when the notification acquired its current status
`{{status.since.pretty}}`	N/A	strings for `{{status.since}}`, which can be easily figured out by the user (the relative time based on when the template is addressed)
`{{summary}}`	string	If the user defines the summary text template and the `{{status}}` is `firing`, it is the summary text created from the template, and if otherwise, it is the summary text created by the internal rules of the NELO system
`{{session.duration}}`	integer (unit: second)	The current length of the session related to this notification (if it is `firing`, the session is currently active, and if it is `resolved`, the session is closed)
`{{session.duration.pretty}}`	N/A	Readable description of `{{session.duration}}`

The variable related to the log search results of the current events

Variable	Format	Description
`{{window.start}}`	integer (Unixepoch time, unit: second)	Search scope's start time
`{{window.end}}`	integer (Unixepoch time, unit: second)	Search scope's end time
`{{window.url}}`	string(URL)	URL to the search page
`{{window.logs}}`	integer	Number of logs detected on the search page
`{{last_log}}`	string(JSON)	The most recent log on the search page (JSON format)
The variable starting with `fields.`, such as `{{fields.user}}`	string	Certain field value in the `{{last_log}}`

Other variables

Variable	Format	Description
`{{reigon.pretty}}`	N/A	Strings that show NELO instance
`{{region.host}}`	string(domainname)	NELO instance's address
`{{region.url}}`	string (URL)	NELO instance's URL
`{{{{`	string	Always replaced with `{{`
`}}}}`	string	Always replaced with `}}`

Edit notification

To edit a notification in Web App's Management > Notification menu, follow these steps:

Access Web App. (Refer to Access Web App)
Click Management > Notification.
Click the name of the notification to check from the list (widget or chart).
- You can search projects using the searching or filtering feature.
Click the [Edit] button.
Edit basic Information, conditions, and detailed setting options.
- For more information, see Add notification.
Click the [Save] button.

Delete notification

To delete a notification in Web App's Management > Notification menu, follow these steps:

Caution

When you delete a notification, all content saved in the notification will be deleted and cannot be recovered.

Access Web App. (Refer to Access Web App)
Click Management > Notification.
Click the name of the notification to check from the list (widget or chart).
- You can search projects using the searching or filtering feature.
Click the [Delete] button.
From the delete confirming popup window, click [OK].
- The notification is deleted and disappeared from the list.

Manage saved search

You can check and manage (add, edit, or delete) the saved queries in Management > Saved search in Web App.

Saved search page

The basics of the Management > Saved search menu in Web App are as follows.
elsa2-web-query_screen_ko

Area	Description
① Delete	Delete search selected from the list
② Add search	Add new search
③ Search bar	Searches titles based on the title
④ List	Displays saved search items in a list Title: title entered when saving the search Query: query syntax for searching for logs entered when saving the search Task : runs a log search for the project assigned by the notification (Refer to Search log) : Edit search : Delete search

Add search

To add a search in Web App's Management > Saved search menu, follow these steps:

Access Web App. (Refer to Access Web App)
Click Management >Saved search.
Click the [Add search] button.
Enter the information of the search to add in the search addition popup window.
- Data source: search and select the project name or group name
  - When there are recently searched projects or groups, click the file, and those projects or groups are displayed automatically when a click on field is performed.
- Title: enter the search title to add
- Query: enter the query syntax to search
- Description: enter the description of the search
Click the [Save] button.
- The search is created and displayed on the list.

Note

In Web App's Search menu, you can also save the query used to search logs as a search. For more information, see Search page.

Edit search

To edit the saved search in Web App's Management > Saved search menu, follow these steps:

Access Web App. (Refer to Access Web App)
Click Management >Saved search.
From the list, click of the search to edit.
Edit the search information.
- For more information, see Add search.
Click the [Save] button.

Delete search

To delete the saved search in Web App's Management > Saved search menu, follow these steps:

Caution

When you delete a search, all content saved in the search will be deleted and cannot be recovered.

Access Web App. (Refer to Access Web App)
Click Management >Saved search.
Select the search to delete on the list and click [Delete].
- Or, click of each search item.
From the delete confirming popup window, click [OK].
- The search is deleted and disappeared from the list.

Run search

To search logs with the saved search in Web App's Management > Saved search menu, follow these steps:

Access Web App. (Refer to Access Web App)
Click Management >Saved search.
From the list, click of the search to search logs with.
- Go to the log search page. For more information about log search, see Search.

Note

The queries saved in Kibana > Dashboard cannot be used in the Search menu and are used as data source when adding a new widget in Kibana > Dashboard or Kibana > Visualization. For more information, see dashboard.