Log Blacklist¶
Overview¶
Guance provides you with comprehensive log collection capabilities. It supports the collection of log data generated by Windows/Linux/MacOS hosts, Web servers, virtual machines, network devices, security devices, databases, etc. However, as the collected logs will contain some logs that you don't need, Guance provides you with the function of Log Blacklist, that is, by adding log filtering rules, log data conforming to the rules can be filtered to prevent reporting to the workspace and help you save log data storage costs.
Precondition¶
You need to create a Guance account and install DataKit on your host to start the related integration and collect data.
Roles of Log Blacklist¶
a. economical¶
In Guance, the billing methods for log data are as follows:
Billing Item | Billing Unit | Commercial Plan Gradient Price | |||
---|---|---|---|---|---|
Data storage policy | 7 days | 14 days | 30 days | 60 days | |
Number of log data | per million | ¥ 1.2 | ¥ 1.5 | ¥ 2 | ¥ 2.5 |
Taking the log data generated by usability dialing test as an example, we created a node in Beijing and dialed the site of our company once every minute. At this time, a log will be generated every minute and uploaded to the workspace. We pay more attention to the time when the dial test of this node timeout and fails, so we can use our log blacklist function to filter the log whose dial test status is OK, thus greatly saving the data cost.
b. not bothering¶
The log blacklist configuration takes effect immediately after success, which is common to all users in the whole workspace, and only needs to be configured once, which takes effect permanently. Standard members above can create and edit blacklist configuration.
c. time-saving¶
By using the log blacklist function, you can reduce the collection of invalid logs, present more valid information in the workspace, and make it easier for you to find the target logs more quickly.
How to use the log blacklist feature¶
a. View blacklist¶
In the Guance workspace, click Log > Blacklist, and you can view all log filtering rules through Log Blacklist.
b. Create and Edit blacklist¶
- Create: In the upper left corner of the log blacklist, click Create to create a new log filtering rule.
- Edit: On the right side of the log blacklist, click Edit to edit the created log filtering rules.
As shown in the following figure; Select the log source http_dail_testing
and filter the log data of status=OK
and city=hangzhou
, that is, the log data that meets the filter criteria at the same time will not be reported to the workspace.
c. Delete blacklist¶
On the right side of the log blacklist, click to delete the existing log filtering rules. After the filtering rules are deleted, the log data will be reported to the workspace normally.