First steps

You have HeliosLogs running (via the Quickstart or from source). This page walks through the first hour: claiming the instance, getting data in, and the handful of things to configure before inviting a team.

1. Claim the instance

There are two ways the first admin account comes to exist:

• Setup wizard — if you started HeliosLogs with no users and no HELIOS_ADMIN_PASSWORD, the browser shows a setup screen. The first visitor creates the admin account (userid, email, password). This is the low-friction path for a single operator.
• Environment bootstrap — set HELIOS_ADMIN_USER (default admin), HELIOS_ADMIN_EMAIL, and HELIOS_ADMIN_PASSWORD before first boot and the admin is created automatically, skipping the wizard. This is the right path for automated or public deployments.

Break-glass reset

Locked out? Set HELIOS_ADMIN_RESET=1 together with HELIOS_ADMIN_PASSWORD and restart. On boot, HeliosLogs resets that admin's password and revokes outstanding sessions. Unset it again afterward. See Configuration reference.

2. Set your environment

The top-nav environment picker controls which workspace you're looking at. You start in default. If you want to separate data — say dev/test/prod, or one env per team — create environments now from Admin → Environments. See Environments.

3. Get a little data in

Send a few events so you have something to search:

curl -X POST 'http://localhost:7300/api/ingest?env=default&index=adhoc' \
  --data-binary @- <<'JSON'
{"timestamp":"2026-06-14T18:00:00Z","level":"INFO","service":"api","message":"service started"}
{"timestamp":"2026-06-14T18:00:05Z","level":"WARN","service":"api","message":"slow query","latency_ms":820}
{"timestamp":"2026-06-14T18:00:09Z","level":"ERROR","service":"api","message":"upstream timeout","status":504}
JSON

Then open Search, set the time range to cover now, and run * to see them. Or click Load sample data on a fresh install for a richer dataset.

4. Try the core workflows

• Search & filter — run level:ERROR, then click service values in the field panel to narrow down. See The search interface.
• Analyze — run * | stats count by service for a table, or * | timechart span=5m count for a chart. See Pipeline operators.
• Save a search — click the star to save a query you'll reuse. See Saved searches.
• Build a dashboard — add a couple of widgets. See Building dashboards.
• Create a monitor — alert when errors exceed a threshold. See Monitors.

5. Personalize

On the Account page, set your timezone (used for all timestamp display) and theme. These follow your user across browsers.

Pre-team checklist

Before you invite others, configure:

• [ ] Authentication — a strong admin password; consider SAML SSO and a shorter token TTL.
• [ ] Users & access — create users and scope their data access with RBAC.
• [ ] Retention — set a global default and per-env overrides so disk doesn't grow unbounded. See Indexes & retention.
• [ ] Ingestion auth — require ingest tokens so only authorized shippers can write.
• [ ] Secrets — back up secret-control.json and secret-jwt.json, and (for multi-node) point every node at the same files. See Secrets & encryption.
• [ ] AI & MCP (optional) — configure an LLM provider and the MCP server if you want AI investigation.
• [ ] Hardening — review Security hardening before exposing HeliosLogs beyond localhost.