LogLogic 5.0: And it keeps on getting better.

 By Dimitri McKay

LogLogic 5 has been years in the making and I’ve been privileged to play with, kick at and test numerous iterations of it since its inception.

The task of building 5 began with a complete back-end overhaul, as we built out the industry’s most scalable IT data platform. This may sound easy, but being able to get massive amounts of data, and clearly see (or translate from machine bleeps to human linguistics) that data, and then use this haystack of facts, is a lot more difficult than you might think. Bringing in upwards of 150,000 MPS, indexing, parsing, enriching, and then using this new insight to search, report and alert in real-time is a massive undertaking. Especially when you scale this across an infinite number of appliances. Map Reduce technology is clever, but speaking to, working with and rendering reports, alerts and searches across a vast array of hardware still takes effort. Remember, we have customers that regularly generate more than 50 billion IT events each day, and they rely on us to interpret that in real time and make it meaningful to them.

That said, I’m going to ignore the back-end and present my top 3 list of front-end features new in 5. I think you will agree they demonstrate a huge leap forward in logging and IT data management technology.

1) The Sex

First up, the GUI - time for more sex appeal. The LogLogic GUI was of particular interest to me, as frankly it hadn’t changed since version 1.0. Sure we’d done some minor updates (added to the sidebar, reorganized some stuff), and to those with experience, it all made sense - there was method to our madness and reviewers regularly gave us 5 stars for “really cutting to the heart of things.” But for those stepping in for the first time, well, we needed to show you a little more TLC. We’ve known this for some time, but for the front-end that we had in mind, we first required that back-end work I talked about. Sure we could have just put lipstick on our stuff, but that’s a tactic we’ll leave to others.

The LogLogic 5 GUI has been completely redesigned with you in mind: consolidation, use cases, intuition - we threw the kitchen sink at it. To achieve our goal we brought in a group of UI designers who’ve built many of the interfaces you and I use every day in common products. These guys are experts. They spent months interviewing customers, identifying top use cases, understanding not only what our product did, but how people use it. And with that, they designed a UI that was not only a user interface, but a workflow engine. And they did so without adding dozens of annoying pop-up windows (something else we’ll leave to others). What we now have is indisputably the best forensics workflow solution available. Anywhere.

2) The Insight

Second on my list of awesomeness is the new Log Labels feature. Like the interface story above requiring a better back-end, the story of Log Labels is in two parts.

Several years ago we invented the index search for log data. And it was hugely successful. So much so that at least one other vendor in the log management space went and built an entire business out of it. Ours was fast. It was mean. And just like everybody else’s it was dumb. It didn’t understand the data it was indexing. It just indexed as much as possible for ultra fast search. And as a slick search tool, it certainly got the job done. So now for part two, where for the second time, we re-invent IT data searching.

For a while now, customers have been asking for a way to create custom parsers, but we stepped back and asked “is it parsers that you really want, or are you trying to add business intelligence to your existing logs?” And as it turns out, that was THE question. Enter Log Labels. Here is a feature that gives our customers the capability they’ve been asking for, without requiring a BSc in Development (something else we’ll leave to the competition). What we’ve created is a way for businesses to interpret their own IT data in a way that makes sense from their unique viewpoint. We know other vendors describe possible solutions to this problem as “very complicated” or even worse, “solvable with professional services” (code for “very expensive with no guaranteed outcome”). So we went the other way. As my father always said, “K.I.S.S” - keep it simple, stupid. And we did just that. We KISSed our Log Labels feature. It’s the next step in evolution from indexing. It adds intelligence to unstructured data. It’s GUI-based. It’s simple to use. It does not require 6 months of professional services. And it’s built into 5 for free. Everyone say Yay!

3) The Time Saver

Lastly, I’m psyched about Policy Based Grouping. I know it seems like just a little thing, but when you actually start to peel it back, it makes perfect sense for our target market (think really really big players). Let me give you a few examples.

PCI Compliance: customers who have to adhere to PCI often segregate their networks and apply the PCI controls only to that specific subnet, which makes perfect sense. But what if you’re logging your entire network, but only want to see specific reports, alerts or searches from a specific subnet? Well, LogLogic can create a dynamic group that will add devices to that specific group as they come online. This automation cuts down administration for our customers tenfold.

Another example? You want to see all firewalls worldwide, but those firewalls are from a handful of different vendors. However, the naming convention all matches a specific standard. You can now create a dynamic group to add all devices with that naming convention worldwide. One shot deal. Job done.

So to all of our customers, you’ll get LogLogic 5 with your current support agreement. No extra charge. No additional cost. No reason to wipe your machine for a clean install. Easy-peasy.

For those who want to see how to consolidate your IT data, get visibility into, and act on events from all of your network devices, operating systems, custom applications, and more... sign up to receive detailed information. We’ll show you how it gets done. The right way.

Categories: Dimitri, Innovation, LogEd