No active queries
No recent queries
Tenant Admins have full system access. Users can query and comment. Assign fractal-level permissions (viewer/analyst/admin) separately via fractal management.
A one-time invite link will be generated for the user to set their password.
Groups let you assign fractal permissions to multiple users at once.
Maximum time an alert query can run. Alerts that exceed this are automatically disabled to protect system health.
Maximum time a user search query can run before being cancelled.
Context links add lookup icons next to matching field values in the log detail panel. When clicked, they open external services like VirusTotal or AlienVault OTX.
Comma-separated field names (case-insensitive)
Only show the link when the field value matches this pattern
Use <ATTR_VALUE> as placeholder for the field value
Normalizers transform field names during log ingestion. Attach them to ingest tokens to standardize field names across log sources.
Map source field names to a target name. Sources are matched after transforms are applied.
Configure which fields to check for timestamps and their Go time format. If no match is found, ingest time is used.
One source field per line.
Enter a query to search logs
| Name | Description | Time Range | Created | Updated | Actions |
|---|
| Name | Description | Time Range | Created | Updated | Actions |
|---|
| Name | Description | Columns | Rows | Actions |
|---|
Select a conversation or create a new one to start chatting with Bot.
| Name | Token | Parser | Status | Usage | Actions |
|---|
Queries against this prism run across all member fractals.
Control which users and groups can access this fractal and their role level.
Viewer: query/view. Analyst: create content. Admin: manage fractal settings.
Manage programmatic access to this fractal
Automatically delete logs older than this period. Deletion runs hourly based on log timestamp. Default is unlimited.
Automatically create encrypted archives on a schedule. Uses the fractal's retention window if set.
Keep at most this many archives. Oldest are automatically deleted when exceeded.
Create encrypted archives of this fractal's log data, or restore from a previous archive.
The token determines which fractal logs are restored into. To restore into a different fractal, use a token from that fractal.
Configure alert details and notification settings
Event alerts match individual logs in real-time.
How much data each evaluation window covers
Standard 5-field cron: minute hour day-of-month month day-of-week
How far back the query looks each time it runs
Comma-separated labels
0 = no throttling, max 24 hours
Throttle per field value (optional)
One URL per line
This action cannot be undone. All logs will be permanently deleted.
Automatically delete logs older than this period. Deletion runs hourly based on log timestamp. Default is unlimited.
Limit how much disk this fractal can consume (measured as raw log bytes). Leave empty for no limit.
Reject stops accepting new logs and returns 429. Rollover deletes the oldest logs to make room.
This action cannot be undone. All logs for this fractal will be permanently deleted, but the fractal structure will remain.
Tenant Admins can add users and clear logs. Users can query and comment.
Important: This is the only time you'll see the full API key.
Please copy it now and store it securely. You won't be able to view it again.
Valid for fractal:
curl -H "Authorization: Bearer YOUR_API_KEY" "https://your-bifract-instance/api/v1/query"
curl -H "X-API-Key: YOUR_API_KEY" "https://your-bifract-instance/api/v1/query"
fetch('/api/v1/query', { headers: { 'Authorization': 'Bearer YOUR_API_KEY' } })