HeliosLogs

Appearance

Glossary

Environment (env) — the top-level tenancy boundary; a workspace. Indexes and saved searches belong to one. Reserved: default, _system. See Concepts.

Index — the storage partition key within an environment (e.g. nginx, app-logs). Set with ?index= on ingest, filtered with index: in queries.

Source (field) — a per-event tag inside a document (source:checkout), distinct from the index. Not to be confused with a pull source.

Pull source — a configured job where HeliosLogs tails files on a schedule. See Pull sources.

Partition — an independent (env, index, day) storage unit. Events route to one by their timestamp.

Block — an immutable, columnar file (.hb) — the engine's storage unit. Written once; merged by compaction.

Manifest — the small, mutable list of live blocks for a partition; updated by compare-and-swap.

Compaction — the automatic background merge of many small blocks into fewer large ones.

Schema-on-read — fields are discovered at query time, not declared. Only the universal-core fields are structural. See Concepts.

Universal-core fieldtimestamp, message, raw, source — the only structurally-treated fields.

Dynamic field — any other JSON key, queryable as key:value.

Control plane — the encrypted JSON store for identity, settings, saved searches, dashboards, monitors, alerts, and conversations. Not a database.

Shared store — an FS/NFS path or S3 bucket that replicates data and the control plane across nodes; the basis for HA and DR. See Multi-node.

Monitor — a scheduled rule (threshold or AI) that raises alerts. See Monitors.

Alert — a fired notification from a monitor; lives in the inbox until acknowledged.

Ingest token — a scoped bearer secret authorizing a shipper to write logs to an env/index. See Ingest tokens.

API key — a bearer secret authorizing REST access (admin or standard). See API keys.

RBAC allowlist — the per-user env/index access scope (EnvIndexAllow). Empty = full access. See Users & RBAC.

MCP — Model Context Protocol; the POST /mcp server exposing HeliosLogs's tools to AI clients. See MCP server.

Agent — the in-app AI assistant that investigates logs using those same tools. See Investigate.

Self-logs — HeliosLogs's own telemetry (_helioslogs, _helioshttp, _heliosmcp) in the _system environment. See Self-observability.

FIPS — a build that uses the AWS-LC FIPS 140-3 validated crypto module. See FIPS.

© 2026 Appbird LLC. All rights reserved.