When Sophie ingests log data, it maps the data into three mandatory fields, which affect how the data is parsed, analyzed, and correlated.
The fields are Source-Types, Services, and Applications.
A Source-Type is a mandatory field that defines how Sophie parses and measures log data.
Each data input can have any number of Source-Types, depending on the variety of its log formats.
Source-Types are mapped separately from Applications and Services and are not related to them as a domain and codomain, allowing for:
Every Application to have any number of Source-Types.
Every Service to have any number of Source-Types.
In the context of Sophie’s data ingestion, a Service is a mandatory field used for indexing and analyzing the data, based on the software generating the logs.
A Service doesn’t affect how Sophie parses data; instead, it gives Sophie technical context on each log’s source.
Services represent the small technical components or business processes in Sophie’s data mapping, so several of them are often clustered together under one Application.
In the context of Sophie’s data ingestion, an Application is a mandatory field used for indexing and analyzing the data. Each organization may configure Applications differently, so a single log file generated by the same third-party software may be indexed and analyzed differently in two different organizations.
An Application doesn’t affect how Sophie parses data; instead, it gives Sophie business context on each log’s source, allowing Sophie to perform another layer of correlation.
Applications represent larger or full business processes in Sophie’s data mapping and consist of one or more Services.
Every Application can have any number of Services.
Different Applications can be composed of the same Services.
The following figures visualize Sophie’s data-ingestion flow: