The cloud-native platform for centralized log management
From the outset, Devo was designed to be easy-to-use and intuitive while also enabling complex and sophisticated tools for data analysis.
It takes just a few sessions for most users to master the basics of navigating the web application, selecting data tables, and building queries. That said, Devo offers training courses that prepare users with what they need to know to get results with Devo right away. Learn more about Devo training services.
Devo can collect and derive analytics from any cloud provider’s operational event data.
Devo can be deployed in both public and private clouds, or in public cloud resources dedicated to a single organization (semi-public).
The Devo SaaS offering is available in multiple AWS, Azure, and Google Cloud Platform regions.
No, actually it's much faster. Instead of one enormous index, Devo asynchronously generates many small and lightweight indexes.
Let's say that firewall events make up about 10% of your data repository. When you open a search that calls a firewall table (that is, a table whose tag identifies a firewall source, such as firewall.juniper.traffic), only 10% of the data in the repository needs to be searched to locate and retrieve the associated events.
Devo's agile and intelligent system for indexing data speeds data ingestion and means that your data is stored hot and stays hot for as long as you need it to.
Yes and yes. There are two APIs.
Our REST API enables programmatic access to data stored in Devo, lets you run queries remotely, and returns the results either to the requester or to another repository (such as S3, Hadoop, or Kafka). You can also manage jobs: the query requests that are actively querying and redirecting their results to another repository.
The Provisioning API is available to carry out actions related to managing security credentials, users, and some other domain-related attributes. It is particularly useful for very large implementations or for resellers.
This depends very much on the event source, its location, and the source's capabilities. What's important to understand is that both the Devo relay and Devo itself are designed to receive syslog events.
If an event source lets you assign the correct Devo tag in the source system and is able to establish a secure channel using authenticated TLS over TCP, it can be configured to send events directly to Devo.
This is the case with both Windows and Linux machines as well as many commercial software systems.
However, many sources are unable to meet both of these requirements. In these cases, events can be sent untagged to a Devo Relay that resides within their organization's network. The relay can be configured with a rule that will apply the correct Devo tag, then forward the event to Devo over a secure, encrypted channel.
Data can also be sent to Devo using NetFlow, an HTTP endpoint, or by simple file upload using the web application. Learn more.
Each Devo tag is linked in the platform to a parser that is designed specifically to parse the events with that tag. So when a user selects a data source in the Finder, the associated parser is called to parse the events for display in the search window. The parser determines the column names and data types in the table.
So, you can see that the tag is central to correctly saving, accessing, and parsing the events collected in Devo. Read more about tags or check out the complete list of already supported technologies and their tags.
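The three ideas above (a relay rule stamps the tag on untagged events, each tag is bound to one parser that decides the table's columns and types, and per-tag storage means a query only scans the partition it names) can be modelled in a few dozen lines. The following is an added example written for this page, not Devo's own code: the tag names, relay rules, parsers and sample event lines are all constructed, and the in-memory repository is a stand-in for the real indexes described in the indexing answer.

```python
"""Toy model of tag-based routing: relay rules assign a tag to untagged
events, each tag maps to exactly one parser, and storage is partitioned
by tag so a query scans only its own partition.
All tags, rules, parsers and sample lines below are constructed."""
from collections import defaultdict


# Relay rule: (source host, source port) -> tag to apply. Constructed values.
RELAY_RULES = {
    ("fw01.example.internal", 514): "firewall.juniper.traffic",
    ("app01.example.internal", 1514): "my.app.web.access",
}


def parse_kv(message):
    """Parser for key=value lines; column names come from the keys and
    purely numeric values become integers."""
    fields = {}
    for token in message.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = int(value) if value.isdigit() else value
    return fields


def parse_access(message):
    """Parser for space-delimited access lines with a fixed column set."""
    src, method, path, status = message.split()
    return {"src": src, "method": method, "path": path, "status": int(status)}


# One parser per tag: the tag decides which schema the table gets.
PARSERS = {
    "firewall.juniper.traffic": parse_kv,
    "my.app.web.access": parse_access,
}


class Repository:
    """Events are kept per tag; `scanned` counts rows a query had to read."""

    def __init__(self):
        self.partitions = defaultdict(list)
        self.scanned = 0

    def relay(self, host, port, message, tag=None):
        """Accept an event: keep a tag the source already set, otherwise
        apply the relay rule for (host, port). Unknown sources are refused
        rather than stored under a guessed tag."""
        tag = tag or RELAY_RULES.get((host, port))
        if tag is None:
            raise ValueError(f"no relay rule for {host}:{port}")
        if tag not in PARSERS:
            raise ValueError(f"no parser bound to tag {tag}")
        self.partitions[tag].append(message)
        return tag

    def query(self, tag, where=None):
        """Parse only the partition for `tag`, then filter the rows."""
        rows = [PARSERS[tag](m) for m in self.partitions[tag]]
        self.scanned += len(rows)
        return [r for r in rows if where is None or where(r)]


def demo():
    """Ingest five constructed events (two firewall, three access) and
    return the repository so the scan count can be inspected."""
    repo = Repository()
    # Untagged events arriving at the relay; the rule supplies the tag.
    repo.relay("fw01.example.internal", 514,
               "src=10.0.0.5 dst=10.0.0.9 dst_port=22 action=deny")
    repo.relay("fw01.example.internal", 514,
               "src=10.0.0.6 dst=10.0.0.9 dst_port=443 action=allow")
    # A source that sets its own tag, as a direct sender would.
    repo.relay("app01.example.internal", 1514, "10.0.0.5 GET /login 200",
               tag="my.app.web.access")
    repo.relay("app01.example.internal", 1514, "10.0.0.7 POST /login 401")
    repo.relay("app01.example.internal", 1514, "10.0.0.7 POST /login 401")
    return repo


if __name__ == "__main__":
    r = demo()
    denied = r.query("firewall.juniper.traffic", lambda row: row["action"] == "deny")
    print(denied, "rows scanned:", r.scanned)
```

Running the demo and then querying the firewall table reads two rows out of five, which is the point of the indexing answer above: the tag decides which data is even looked at. A source with no matching relay rule is rejected instead of being filed under a default tag, since a wrongly tagged event would be parsed with the wrong schema and silently fall out of searches.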
The lightning-fast answer is yes. In most cases, the difference between the event timestamp (when the event occurred in the source system) and the Devo eventdate (when the event was received by Devo) is measured in milliseconds. And events are immediately available for queries. No waiting.
There are exceptions to this for systems that are specifically configured to send data at intervals. Such configurations are generally due to limitations of the source system, however, and the vast majority of data sources we've set up to send events to Devo are as close to real-time as you could want.
Devo uses standard LINQ, which is based on SQL. Users comfortable with a query language can use the query editors to create and edit their queries.
That said, it is not necessary for all users to master LINQ to use Devo effectively or to build complex, sophisticated queries. Devo was designed to make queries accessible to users of all skill levels. The user-friendly Devo search window displays data in table format and contains a number of interface tools that simplify filtering, data enrichment, grouping, and data aggregation operations. But behind it all is a LINQ query that you can view and edit at any time.
Data enrichment is performed on the fly by selecting the field to be enriched and specifying which source or operation to enrich the data with. Devo comes prepared with dozens of operations you can use to enrich your query data. The product documentation contains a complete list of the standard operations and describes how they are used.
In addition, you have a few other options for adding proprietary static and dynamic lookup data. You can:
Yes. You can easily set up an OData feed so you can pull data from your query in Devo into another external tool like Tableau, Power BI, or Excel. It's really easy and quick to do. Read about it here.
While you may continue to use your external visualization and analysis tools, Devo's Activeboards give you built-in, easy-to-use functions for building a wide variety of charts, maps, and tables for visual, interactive reporting.
Yes, as many as you need. Devo Activeboards can contain several types of charts including geographic maps, Voronoi diagrams, line charts, and many more. Simple controls let you use a single dashboard to view data for current or historic time periods.
Inputs are special controls that you can add to your Activeboards to enable interactivity with the widgets in your board. Learn more about Activeboards.
We strongly recommend TLS over TCP with certificate authentication for channels sending data directly to Devo in a public cloud. Events can also be sent to Devo via a Devo relay installed within the customer's secure network. The relay sends data to Devo over TLS (RSA-2048 keys, SHA-256 signatures), using X.509 certificates for authentication.
OAuth tokens are available to secure data sent over HTTP.
Devo provides several types of security credentials to authorize connections with your Devo domain including API key/secrets, X.509 certificates in several standard formats, and OAuth tokens. These are found in the Administration → Credentials area of the web application.
Connections are encrypted with SSL/TLS certificates using RSA public keys and the SHA-2 hash algorithm.
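What "authenticated TLS over TCP" means in practice for a sender is: verify the server's certificate against a trusted CA, present the client certificate issued for the domain, and refuse old protocol versions. The following is an added example for this page, not Devo's client code: it builds such a context with Python's standard `ssl` module and frames an event as a syslog-style line with the tag in the TAG position. The file paths, host name, port and the exact line layout are assumptions; consult the Devo documentation for the format and endpoint your domain expects.

```python
"""Mutually authenticated TLS sender for tagged syslog-style events.
Paths, endpoint and line format are assumptions for illustration."""
import socket
import ssl
from datetime import datetime, timezone


def build_mtls_context(cafile=None, certfile=None, keyfile=None):
    """TLS client context: server cert verified, hostname checked, TLS 1.2+,
    and our own X.509 certificate presented when certfile is given."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:
        # The CA that signs the collector's certificate (assumed path).
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs()
    if certfile:
        # Client certificate and private key issued for the domain (assumed).
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def format_syslog_event(tag, hostname, message, pri=14, when=None):
    """Build one line '<PRI>TIMESTAMP HOST TAG: MESSAGE\\n'.
    Assumption: a generic syslog layout with the Devo tag where the syslog
    TAG normally sits; check the product docs for the exact form required."""
    when = when or datetime.now(timezone.utc)
    if "\n" in message:
        # One event per line: embedded newlines would split the record.
        message = message.replace("\n", " ")
    return f"<{pri}>{when.isoformat()} {hostname} {tag}: {message}\n"


def send_event(line, host="collector.example.invalid", port=443, ctx=None):
    """Open a TCP connection, wrap it in mTLS and send one framed event.
    Host and port are placeholders, not a real endpoint."""
    ctx = ctx or build_mtls_context(
        cafile="/etc/devo/chain.crt",          # assumed path
        certfile="/etc/devo/domain.crt",       # assumed path
        keyfile="/etc/devo/domain.key",        # assumed path
    )
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(line.encode("utf-8"))
            return tls.version()


if __name__ == "__main__":
    event = format_syslog_event("my.app.test", "host01", "user login ok")
    print(event, end="")
    # send_event(event)  # needs real certificates and a reachable collector
```

The `PROTOCOL_TLS_CLIENT` context already defaults to certificate verification and hostname checking; the example sets them explicitly so a reviewer can see the intent and so a later edit that loosens them stands out in a diff. The client certificate is what gives the channel its authentication: without `load_cert_chain` the connection is still encrypted but the collector has no proof of who is sending.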
There are three default roles that cannot be changed:
In Devo, users access data using a Finder, which contains links to virtual data table views. Domain Admin users can create custom finders that provide access only to specific tables, and they can create as many custom finders as needed. These finders are then assigned as the default finder for application roles. This means that users will only be able to access data in tables that have been specifically allowed for the application role(s) they possess.
You can also control who can use your custom lookups by restricting them for use with specific tables. If no restrictions are applied to a lookup, it is available for users building queries on any tables in the domain.
Devo comes with predefined alerts that are based on common data sources and you can enable or disable these alerts as you choose. You can browse the list here.
Of course, you can create custom alerts to serve your needs. The first step is to build the query that identifies the conditions that should trigger the alert. Then, using a tool available in the search window, you create the alert by giving it a name, a message, and a description, and by defining the trigger method. Once you save the alert, you associate it with a sending policy in the Administration → Alert Configuration area. A sending policy dictates how and to whom the alert message should be distributed and also sets calendar parameters that define when alert messages should be sent.
An Alert Dashboard is available to view and manage the alerts triggered most recently in your domain.
A single alert can be distributed using one or more delivery types. All triggered alerts appear listed in the Alert Dashboard in the Devo web application.
Devo bills based on a straightforward 12-month subscription plan that is based on the average volume of data ingested daily. This is true whether the deployment is SaaS or on-premises. All Devo SaaS subscriptions and licenses include 12 months of encrypted and compressed data storage, and an unlimited number of domain users.
Using the web application's Home page, the domain administrator can easily monitor ingestion rates and clearly identify the data sources responsible for sending the most data to the Devo repository. This way the customer stays in complete control of the amount of data sent to Devo. Contact our sales team for more information.
The cloud's the limit. We don't put a cap on the amount of data you can ingest per day; it depends on the resources available for your needs. Devo was designed to be scalable and to grow with your data needs.
Data is compressed at an average 10:1 ratio for excellent storage efficiency and is always hot for fast access. By default, data is stored in Devo for one year. If you need to retain data for longer, no problem: just get in touch with your Devo account manager.