Understanding the Insight indexes
All features and Protectors send logs to Insight. The logs from the Audit Store are displayed on the Discover screen of the Insight Dashboard, where you can view the different fields logged. In addition to being available for viewing, these logs serve as input for Insight to analyze the health of the system and to monitor the system for security. These logs are stored in the Audit index, which has a name such as pty_insight_analytics_audits_1.0*.
You can view the Discover screen by logging into the Insight Dashboard, selecting Discover from the menu, and selecting a time period such as Last 30 days.
The following table lists the various indexes and describes the data contained in each index. You can view the index list for PPC by logging into the Insight Dashboard and navigating to Index Management > State management policies. To view all the indexes, select Indexes. Indexes can be created or deleted. However, deleting an index leads to a permanent loss of the data in that index. If the index was not backed up earlier, then the logs from the deleted index cannot be recreated or retrieved.
| Index Name | Description |
|---|---|
| .kibana_1 | This is a system index created by the Audit Store. It holds information about the dashboards. |
| .opendistro-job-scheduler-lock | This is a system index created by the Audit Store. It holds information about the security, roles, mapping, and so on. |
| .opendistro_security | This is a system index created by the Audit Store. It contains information about the security configurations, users, roles, and permissions. |
| .plugins-ml-config | This is a system index created by the Audit Store. |
| .ql-datasources | This is a system index created by the Audit Store. |
| pty_insight_analytics_anonymization_dashboard_1.0- | This index logs Data Anonymization dashboard and process tracking information. |
| pty_insight_analytics_audits_1.0- | This index logs the audit data for all the URP operations and the cluster logs. It also captures all logs with the log type protection, metering, audit, and security. |
| pty_insight_analytics_crons_1.0 | This index logs information about the cron scheduler jobs. |
| pty_insight_analytics_crons_logs_1.0 | This index stores the logs for the cron scheduler when the jobs are executed. |
| pty_insight_analytics_discovery_dashboard_1.0- | This index logs Data Discovery dashboard and metadata information. |
| pty_insight_analytics_encryption_store_1.0 | This index encrypts and stores the password specified for the jobs. |
| pty_insight_analytics_kvs_1.0 | This is an internal index for storing the key-value type information. |
| pty_insight_analytics_miscellaneous_1.0- | This index logs entries that are not categorized in the other index files. |
| pty_insight_analytics_policy_1.0 | This index logs information about the PPC policy. It is a system index created by the PPC. |
| pty_insight_analytics_policy_log_1.0- | This index stores the logs for the PPC policy when the jobs are executed. |
| pty_insight_analytics_policy_status_dashboard_1.0-index | The index holds information about the policy of the protectors for the dashboard. |
| pty_insight_analytics_protector_status_dashboard_1.0-index | This index holds information about protectors for the dashboard. |
| pty_insight_analytics_protectors_status_1.0- | This index holds the status logs of protectors. |
| pty_insight_analytics_report_1.0 | This index holds information for the reports created. |
| pty_insight_analytics_signature_verification_jobs_1.0 | This index logs information about the signature verification jobs. |
| pty_insight_analytics_signature_verification_running_jobs_1.0 | This index logs information about the signature verification jobs that are currently running. |
| pty_insight_analytics_troubleshooting_1.0- | This index captures logs with the log type application, kernel, system, and verification. |
| top_queries- | This index logs the top and most frequent search queries and query analytics data. |