The following are key concepts and are important to understanding how Devo works.


An aggregation performs a calculation, such as count or average, on events that have been previously grouped in a data table. The result of the calculation appears in a new table column. For more information, see Aggregations.


Alerts are messages that can be configured to notify users of important system events, either in real-time or scheduled. Go to Alerts management for additional information.


Charts are graphical representations of information intended to make information easier to understand. You can build charts after performing a query, directly on the data table. Devo offers a rich gallery of charts you can use depending on your needs.


Dashboards are visual representations of the results of your search queries through widgets updated in real-time. There is a great variety of widgets available to represent the data in different ways.

Data source

A data source automatically feeds dashboard widgets or any customized monitoring applications in real time.

Data table

A data table is the result of passing the received data through a parser. Events are displayed in rows with data parsed into fields which appear in columns. Each column is assigned a specified data type such as string, integer, IP, date, etc. See the Viewing the data tables article for more information.


Domains are environments that enable access to different subsets of the data in your organization. Your company can have one or many domains and a user can be granted access to just one or to many domains as needed. If you have access to multiple domains, during the login process, you will be prompted to select the domain you want to enter.


Apply filters to data tables to isolate or exclude specified field values. Filters offer several operations you can use to get the data you need.

Graphical correlation

Using this process you can create charts joining two or more tables using a common field. For more information, see Graphical correlation.


Events in a data table can easily be grouped by time periods to facilitate analysis. Grouping is required in order to subsequently apply aggregation operations on the data. See the Group article for more information.

Lookup table

Lookup tables enable you to extend or enrich data tables by correlating source data with data in a lookup data file. Lookup tables can be feed with either external data or a data table content (dynamic lookups). See Lookup management for more information.


You can use panels to create a graphical representation of a business process or sketch the infrastructure of a system by linking different elements. Panels also allow you to associate queries and alerts in real-time to the elements added.

Permalinks are URL links pointing directly to shared dashboards. They can be easily shared with other users but access rights are necessary to view the dashboards. 


A mechanism used to securely send data to Devo using virtualization software (VMWare, VirtualBox, and two versions of Hyper-V). Relays are available for download and need to be previously configured. Learn more in the Relays article.


Tags are a hierarchical labeling mechanism used by Devo to parse log data into fields in a data table. Every event should have a tag structure that identifies its logs.


Embedded applications that you can add to a dashboard and used to show data in different ways. Each widget shows a type of graph and has specific configuration rules. Go to Working with dashboard widgets to learn more.

Have we answered your question?

If not, please contact our technical support team via email by clicking the button below.