Unomaly docs
Unomaly docs

Manage systems and groups

Systems refers to the sources of the log data that Unomaly analyzes. These software systems may be a server, container, or applications. When the systems are configured properly, Unomaly will detect them and display them in the user interface. If you have many systems sending data to a Unomaly instance, organizing the systems into groups make it possible to treat the systems as larger units for more efficient investigations, troubleshooting, and configurations.

You can manage the system and group settings in the Systems & Groups page.

Editing system settings

The settings that you can change for an individual system include: changing the state of the system, adjusting "Advanced" tokenization settings on the system, adding an alias to the system name, and removing the system.

Change the state of the system

A system can have one of three states: Active (enabled), Training, or Disabled.

Unomaly analyzes data from systems that are Active or in Training. If you change the system state to Disabled, Unomaly stops analyzing the data from that system and the system no longer consumes a license. You can also add Active systems back into Training to force Unomaly to learn the system. (Unomaly will not highlight detected anomalies for systems in Training.)

When a system is disabled, the “last seen” statistics continue to update whenever the Unomaly instance receives data from the disabled system, but the data will not be analyzed. Disabling a system does not affect previously consumed data, learned profiles, and detected anomalies.

Add a system alias

Unomaly derives the default name of a system from the data it receives from that system. This means that the display name for a system can depend on how that system sends its data to Unomaly.

You can add an alias to the system name to make it more descriptive and informative. For example, if the default name for one of your web servers is an IP address, such as 10.8.0.1, you can alias it to display as web01.company.com.

Remove a system

Removing a system means deleting everything the Unomaly instance has gathered about the system, including the data and the behavioral statistics.

To permanently remove a system:

  1. Configure the system to stop sending data to the Unomaly instance.
  2. In the system’s settings, remove the system from the Unomaly instance.

If the removed system continues to send data to Unomaly, the instance will automatically add the system (as a new system) the next time it receives data from that system.

Organize systems into groups

You can create groups based on common characteristics that the systems share, such as their function in the infrastructure or their geographical location. Individual systems can be part of more than one group.

Follow these steps to create a new group of systems.

  1. In the Systems & Groups page, click New group in the left-hand sidebar.
  2. Type in a Goup name.

When naming a group, choose a name that describes the common characteristics of the systems you will add to the group. For example:

  • Systems of similar type, such as webserver
  • Systems that fulfill a service or function, such as Customer_portal
  • Systems that are related or share ownership, such as IBM_systems

To make troubleshooting data issues easier, we recommend organizing your data and systems into groups based on their functions. This also works in line with the Teams and Permissions feature, which makes sure that users access data that is relevant to them. See Teams and permissions.

Add systems to a group

In the Systems & Groups main page:

  1. Select the systems you want to add to a group.
  2. Click the “Add to group” icon to the right of the search bar.
  3. Select the group or groups that you want to add the systems into.

Remove systems from a group

In the Systems & Groups page, if selected systems are already part of a group, you can use the “Remove from group” icon to take them out of groups. Removing a system from a group does not delete the system.

To remove systems from more than one group, use the main page and the systems list. Otherwise, you can click into a group to edit the members of the group.

Edit group settings

To change the name of a group or remove the group:

  1. Click on the cogwheel for a group object in the left-hand sidebar.
  2. To change the name of the group, choose Rename and type in the new name.
  3. To remove the group, choose Delete and confirm the action.

Table of Contents