Search Function Overview
CorreLog can continuously receive in excess of 5000 events per second.
This makes the need for a high-speed search engine essential in order to
find precise events embedded within massive amounts of other data.
CorreLog is designed to perform these searches as rapidly as possible,
easily returning search results across gigabytes of data within one
second. The CorreLog high-speed search capability directly supports
iteration and search refinement, especially important for data analysis
and forensics, where a single search session might consist of dozens of
individual searches.
Search Features
CorreLog breaks each message into keywords, stores each keyword
reference, and builds a concordance of all the lines in all log messages
indicating where each keyword occurred. This "search index" furnishes
extremely rapid searches across vast amounts of data based upon keywords
and phrases.
Additionally, CorreLog keeps track of which data was last indexed, and
permits a non-indexed search from that point on. This means that as new
data is received, even before it is indexed, it is immediately available
for searching like any other data. Furthermore, once a keyword search
has reduced the amount of data to a manageable number of log entries,
CorreLog can apply regular expressions to quickly target the exact log
messages you are seeking.
This combination of "indexed" and "non-indexed" search furnishes unique
capabilities not found in other products. CorreLog's search facility,
designed specifically for handling log messages, yields extremely high
performance, flexibility, and unmatched functionality and features.
- Index Search. We use our "GenDex" search engine to process raw
log data, keeping track of message content, as well as the message
time, IP address, facility, and severity. The "GenDex" program
periodically updates an index file that allows you to search across many
gigabytes of data, typically within one second or less.
- Non-Index Search. In conjunction with the index search, we
support non-indexed searches across search results, and across data
that has not yet been indexed. This operation is transparent to the
user, and permits you to employ complex search terms using wildcards
and match and exclude patterns, so that you precisely and rapidly locate
the log messages you are seeking.
- Keyword Concordance. The list of search keywords is available to
the operator, providing an overview of all keywords found in all
messages, so that common keywords can be investigated or ignored, and
message content can be quickly summarized. Using this unique feature,
you see all message content summarized by keyword and word counts. You
obtain a unique and powerful new perspective on your data.
- Auto-complete. The operator can enter a partial keyword, and
that entry is automatically completed by CorreLog to match the nearest
full keyword. This permits you to quickly type in a few significant
characters, and have CorreLog perform a lookup of the keyword and
auto-complete the search term for you. This is particularly useful
when keywords are complex character strings, possibly associated with
a user or session ID or other handle.
- Advanced Search Functions. For more complex searches, CorreLog
provides an "advanced" search screen that guides the user through the
process of creating a search query consisting of full matches, partial
matches, and exclusions. Additionally, the advanced search screen
permits you to specify a range of message facilities, severities, and
times. For example, you can search for messages originating from a
small set of devices at particular times of the day, containing
certain keywords and excluding others.
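The indexed/non-indexed search design described above (keyword concordance, a watermark for the last-indexed message, a scan of newer unindexed data, then a regular-expression filter, keyword counts and auto-complete) can be illustrated with a small model. This is an added example written for this page, not CorreLog or GenDex code; the class, method names and sample syslog lines are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

SAMPLE_LOGS = [  # constructed sample syslog lines, not real CorreLog data
    "Jan 10 10:00:01 fw01 sshd[1023]: Accepted publickey for alice from 10.0.0.5",
    "Jan 10 10:00:02 fw01 sshd[1024]: Failed password for root from 10.0.0.9",
    "Jan 10 10:00:03 web01 nginx: GET /login 200 user=bob",
    "Jan 10 10:00:04 fw01 sshd[1025]: Failed password for admin from 10.0.0.9",
]
LATE_LINE = "Jan 10 10:00:05 web01 nginx: GET /admin 403 user=alice"

TOKEN = re.compile(r"[A-Za-z0-9_.\-]+")

def keywords(line):
    """Break a message into lower-cased keywords (the 'keyword' step)."""
    return [w.lower() for w in TOKEN.findall(line)]

class LogSearch:
    def __init__(self):
        self.lines = []                 # every message received, in arrival order
        self.index = defaultdict(set)   # keyword -> line numbers (the concordance)
        self.counts = Counter()         # keyword -> occurrences, for the keyword summary
        self.indexed_upto = 0           # lines [0, indexed_upto) are covered by the index

    def receive(self, line):
        self.lines.append(line)         # searchable immediately, even before indexing

    def build_index(self):
        """Periodic index update: only lines received since the last run are processed."""
        for n in range(self.indexed_upto, len(self.lines)):
            for kw in keywords(self.lines[n]):
                self.index[kw].add(n)
                self.counts[kw] += 1
        self.indexed_upto = len(self.lines)

    def search(self, keyword, pattern=None):
        """Indexed lookup, a non-indexed scan of the unindexed tail, then an optional regex."""
        kw = keyword.lower()
        hits = set(self.index.get(kw, ()))
        for n in range(self.indexed_upto, len(self.lines)):
            if kw in keywords(self.lines[n]):
                hits.add(n)
        if pattern is not None:
            rx = re.compile(pattern)
            hits = {n for n in hits if rx.search(self.lines[n])}
        return sorted(hits)

    def autocomplete(self, prefix):
        """Full keywords matching a partial entry, taken from the indexed concordance."""
        return sorted(k for k in self.counts if k.startswith(prefix.lower()))
```

Messages received after the last `build_index()` are still found by `search()`, and the regex only runs over the lines the keyword lookup already narrowed down.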
Multi-Tier Search Capability
CorreLog provides its "Enterprise Search Adapter" software, to permit
searches by a supervisor across multiple CorreLog Server installations.
This optional adapter component
can be added at each CorreLog Server to assist in distributed management
of a multi-tier CorreLog implementation, greatly expanding your
ability to manage the log messages of your entire organization.
For those sites that implement multiple copies of CorreLog Server, you
can issue search requests to each CorreLog server simultaneously, and
receive the count of matching results. You can then drill down to view
the detailed search results. This provides an easy way to determine the
status of messages, or locate specific devices on your enterprise
associated with log data. The "Enterprise Search Adapter" expands the
role of CorreLog to be a full enterprise manager of a distributed
logging system. Given the formidable power of a single CorreLog site,
this multi-tier capability permits management of more than 1
million devices, and message collection rates approaching 10 million
events per second.
Complete Search Solution
In addition to the interactive search facility, CorreLog employs its
GenDex search capability in other locations within CorreLog, including
within the correlation functions, reporting functions, and ticketing
system. These areas augment CorreLog's basic search functionality
described above by establishing message taxonomies and catalogs,
and creating graphical depictions of message rates based upon search
results.
For example, it may be more pertinent to the user to see a graph of
message counts during a period of time, matching specific message
patterns. This functionality is readily available within the "Graph"
utility of CorreLog's "Report" screens, where minute, hour, and daily
message counts (that reflect a specific keyword or phrase) are shown in
graphical form.
Many other specific search functions are ready-to-use within the main
CorreLog Server, including the ability to search devices by message
keyword to obtain a list of devices related by a common message phrase.
In particular, users can configure dashboards that reflect specific
"message types" and "taxonomy domains", permitting easy drill-down
from graphs into correlated message lists.
You can begin experimenting with CorreLog's unique and powerful
enterprise search functions immediately, at your enterprise. Download
our free trial package and begin viewing
your enterprise data right now. The CorreLog system installs in
minutes, and permits you to search, correlate, and report on your
enterprise data using an intuitive user interface.