Your application and systems generate log events which can be delivered to Loggly using any modern syslog agent or any agent that uses the syslog protocol (RFC 5424), like syslog-ng, rsyslog, and NXlog.
The Ingestion phase is where Loggly receives your events, records that events were received and stores the events.
Once the events are stored, Loggly immediately begins analysis. If it is determined to be a standard type that is recognized by the system (https://www.loggly.com/docs/log-types/), then Loggly parses the event into individual fields. For example, if an Apache web log is parsed then all of the fields including referring URL, status code, etc. will be identified as individual fields to be indexed. Loggly automatically extracts individual fields from your data. Standardized log formats such as syslog, Apache, Java, and nginx are supported as well as JSON structured data.
The indexing phase creates fast, distributed-lookup indices for the full text of each event as well as individual parsed fields. This provides maximum flexibility for users to find and analyze events once they are made available in the application.
At this stage, Loggly performs any alert conditions that the user has set, executes any reports that are due to be issued and updates summary information for dashboard widgets that have been created.
All search, trending, alerting, reporting, setup functions are available via the Loggly web application as well as via our RESTful API.