CloudFabrix Documentation
Asset IntelligenceOps IntelligenceObservabilityRobotic Data
  • Getting Started
  • CloudFabrix Overview
  • AIOps Platform
  • AIOps Solutions
  • CloudFabrix RDA
    • RDA - Overview
      • RDA - Terminology and Artifacts
    • RDA - Installation
      • Linux OS
      • Windows OS
      • Mac OS
      • RDA Client
      • Worker Nodes
      • Event Gateway
      • Edge Collector
      • Log Shippers
        • Filebeat
        • Fluentd
        • Rsyslog
        • Syslog (udp)
        • Splunk forwarder (Windows and Linux)
        • Winlogbeat (Windows)
      • RDA Log Archives
    • RDA - Administration
      • RDA - Configuration
    • RDA - User Guide
      • RDA - AIOps Studio
        • AIOps Studio - Solution Packages
        • AIOps Studio - Pipelines
        • AIOps Studio - Explore
        • AIOps Studio - Administration
        • RDA CLI in UI
        • AIOps Studio - Examples
          • File Operations
          • Loop Operations
          • Data Management Operations - cfxdm
          • Data mapping - cfxdm - dm:eval
          • Filters - cfxdm - dm:filter
          • Data mapping - cfxdm - dm:map
          • Metadata - cfxdm-dm:metadata
          • Data mapping - cfxdm - dm:functions
            • Any_non_null
            • Concat
            • Datetime
            • Date and Timestamp
            • Evaluate
            • Fixed
            • Highest
            • Join
            • jsonDecode
            • Lower
            • Lowest
            • Match
            • Minutes_Between
            • Replace
            • Seconds_Between
            • Slice
            • Split
            • Strip
            • To_Numeric
            • Ts_To_Datetimestr
            • Upper
            • When_Null
          • Data Mapping cfxdm - dm:sort
          • Data Mapping cfxdm - dm:head
          • Data Mapping cfxdm - dm: tail
          • Data Mapping cfxdm - dm: dedup
          • Data Mapping cfxdm - dm:selectcolumns
          • Data Mapping cfxdm - dm:fixcolumns
          • Data Mapping cfxdm - dm:mergecolumns
          • Data Mapping cfxdm - dm:describe
          • Data Mapping cfxdm - dm:save
          • Data Mapping cfxdm - dm:savedlist
          • Data Mapping cfxdm - dm:recall
          • Data Mapping cfxdm - dm:concat
          • Data Mapping cfxdm - dm:groupby
          • Data Mapping cfxdm - dm:to_type
          • Data Mapping cfxdm - dm:enrich
          • Data Mapping cfxdm - dm:dns_ip_to_name
          • Data Mapping cfxdm - dm:dns_name_to_ip
        • AIOps Studio - Datasource Examples
          • Elasticsearch (v1)
      • RDA - Data Management (cfxdm)
        • cfxdm - dm:filter
        • cfxdm - dm:map
        • cfxdm - dm:functions
        • cfxdm - dm:sort
        • cfxdm - dm:head
        • cfxdm - dm:tail
        • cfxdm - dm:dedup
        • cfxdm - dm:selectcolumns
        • cfxdm - dm:mergecolumns
        • cfxdm - dm:describe
        • cfxdm - dm:hist
        • cfxdm - dm:bin
        • cfxdm - dm:fixcolumns
        • cfxdm - dm:save
        • cfxdm - dm:savedlist
        • cfxdx - dm:recall
        • cfxdm - dm:concat
        • cfxdm - dm:groupby
        • cfxdm - dm:enrich
        • cfxdm - dm:to_type
        • cfxdm - dm:dns_ip_to_name
        • cfxdm - dm:dns_name_to_ip
        • cfxdm - files:loadfile
      • RDA Terminal
        • Examples using Terminal / Commandline
    • RDA - Bot Documentation
    • RDA - Datasource Integrations
      • AppDynamics
      • Dynatrace
      • Dell EMC Unity
      • Elasticsearch
      • Infoblox NetMRI
      • Kubernetes Cluster
      • Linux OS
      • Microsoft Windows Server OS
      • Nagios XI
      • NetApp Clustered ONTAP
      • PRTG Network Monitor
      • VMware vCenter
      • VMware vRealize Operations
    • RDA - Python API
      • Class CaaSDataset
      • Class CaaSClient
      • Python API Example
    • RDA - FAQ
      • Download and Installation
      • Troubleshooting
  • CFXQL - CFX Query Language
    • CFXQL User Interface
  • Operations Intelligence Analytics (OIA)
    • Solution Overview
      • Navigating cfxOIA
      • Any title
    • Administration Guide
      • Active Directory Integration
      • Add Customer
      • First Steps
      • OIA Users
      • Add New Users and Assign Roles
      • Add Environment
      • Add Gateway
      • Add DataSource
      • Add Project
      • Project Configuration
      • Stacks
      • Teams
    • User Guide
      • Incidents
        • Incident
        • Stack
      • Alerts
      • Outcomes
  • INTEGRATIONS
    • Zabbix
    • AppDynamics
    • Dynatrace
    • NetApp C Mode
    • NetApp 7 Mode
    • Splunk Enterprise
    • VMware vCenter
  • OBSERVABILITY
  • Observability - IT Infrastructure Monitoring (cfxPulse)
    • Getting Started
    • Solution Overview
    • Installing cfxPulse Collector
    • Administrator Quick Start Guide
      • Prerequisites
      • Accessing cfxPulse
      • Configuration of cfxPulse
      • Setting Up Monitoring
      • Monitoring Using Prometheus Agents
      • How to add Prometheus Agent Details
      • Discovery of Devices
      • Monitoring Dashboard
    • End User Quick Start Guide
      • Portal Navigation
      • Monitoring Analysis
      • Monitoring
      • Alerts and Incidents
      • Reports
      • NOC/Ops
      • Configuration Backups
      • Interacting With Tabular Reports
      • Creating Custom Dashboards
  • Observability - Log Monitoring & Analytics (CFX LogAnalytics or CLA)
    • Getting Started
    • Solution Overview
    • Solution Key Components
    • Log Forwarding
      • Install and Configure Logstash
      • Sending Logs to Logstash Forwarder
    • Log Collection
      • Collecting Logs from Linux
    • Log Transformation & Enrichment
    • Logstash Installation
      • How to install Java / Logstash on client side
  • Asset Intelligence Analytics (AIA) Solution
    • Getting Started
    • Solution Overview
    • AIA Roles
      • Platform Admin
        • Managed Service Provider (MSP)
        • Authentication Server
        • Set Up Services
        • Organizations
        • Users
      • Organization Admin
        • My Organizations
      • Organization Executive
      • Organization User
    • AIA Tasks, Functions
      • Home Page Navigation
      • Filters
      • Settings Menu
      • Notifications
      • Authentical Server
      • How to Add, Edit, Delete MSP
      • Actions
        • Services
        • Files
        • Dictionaries
        • Discovery Jobs
        • Snapshots
        • Clambda Jobs
        • State Operations
        • Replacement Rate
      • Details
        • Overall
        • POR Insights
        • HW Assets
        • SW Assets
        • Contracts
        • App Dependency
        • Asset List
    • AIA API
    • Enterprise Discovery
      • cfxEdgeCollector
        • Deployment of cfxEdgeCollector
        • Configuration of cfxEdgeCollector
        • cfxEdgeCollector Command Line Options
        • cfxEdgeCollector Help Command
        • Working With cfxEdgeCollector
        • cfxEdgeCollector Auto Export
    • Asset Intelligence & Analytics (AIA) (Delete)
  • CloudFabrix SaaS
    • Signup
    • Navigation
    • User Roles
  • Support
    • Contact Support
Powered by GitBook
On this page
  • Solution Overview
  • Log Analysis
  • Traffic Analysis
  • Security Analysis
  1. Observability - Log Monitoring & Analytics (CFX LogAnalytics or CLA)

Solution Overview

Key Use cases, Benefits and Feature Highlights

PreviousGetting StartedNextSolution Key Components

Last updated 4 years ago

Solution Overview

cfxLogAnalytics (CLA) is the centralized log management solution that can be deployed on-prem or used as a service through CloudFabrix SaaS portal. The solution ingests logs from multiple tools and enables IT teams with advanced analytics and insights. The solution also leverages AI & ML capabilities to perform event correlation, failure root cause detection and event categorization. Log and event data can be ingested from any managed asset using readily available connectors or plugins. Remote or on-premises environments can use cfxCollector as a proxy between customer environment and cfxLogAnalytics.

The solution leverages Elastic search, Logstash and Kibana as core components, popularly known as ELK stack.

The solution focuses on 3 key areas

  1. Log Analysis: Centralized Logs, Multi-tenant (Log Separation), Long Term Archival, etc

  2. Traffic Analysis: Noisy Neighbours, Top Services / Protocols, Root Cause Analysis, etc

  3. Security Analysis: Threat Originating Regions, Threat Severities, IDP/IDS Logs, Event Correlation, etc.

With cfxLogAnalytics IT teams can

  • Garner deep insights and analytics from millions of IT logs and events

  • Identify performance blind spots, detect abnormal usage patterns, establish top talkers, chatty applications or perform forensic and threat analysis.

  • Performs secure multi-tenant log separation and long-term archival of raw, unmodified logs to meet audit compliance and regulatory requirements.

Log Analysis

IT teams can ingest logs from any managed IT asset, index and archive logs, and get summary analytics, advanced visualization and reporting. Typical logs include Syslogs, Web logs, Application logs, User Activity logs etc.

The app also supports long-term archival of untampered, unaltered logs that may be required for regulated environments for compliance and audit purposes. Archived logs can be organized based on customer desired structure (ex: Datacenter/Date/Hour) and can also be accessed on-demand from portal anytime for download and offline review.

Traffic Analysis

Traffic analysis is vital to any Network operations team. cfxLogAnalytics can ingest Netflow records, flow logs, SIP call logs, packet captures, from various network devices to provide insights about traffic usage patterns, top talkers, noisy neighbors and top services, ports or protocols.

An intuitive chord diagram widget maps out flow pattern between various sources and destinations. Network admins can also drill-down to particular device or interface and gain deeper insights about traffic patterns. Customers can perform basic and advanced search queries or retrieve raw flow records.

Security Analysis

Security information and event management (SIEM) is an essential practice of every security organization. Within the broader SIEM practice, security event management is a key aspect that enables customers to analyze or detect breaches or vulnerabilities based on logs and events collected from firewalls, IDP, IDS and other perimeter or east-west firewall devices.

With cfxLogAnalytics, customers can ingest IDP, IDS logs from various network endpoints and gain insights into hidden security patterns. Portal shows a geomap view of threat originating regions. Suspicious traffic patterns or threats are also aggregated and categorized based on severity. Top traffic originating internal systems can also be easily identified. Suspicious hosts can be selected for further drill down and analysis.

Log Analytics providing insights about storage errors
Traffic analysis and insights from Netflow data
Security analytics and insights from IDP/IDS events