Axon 2023.04 Release Notes

Welcome to the April 2023 release of LogRhythm Axon! There are many exciting updates included in this release that we hope you'll like. Brief explanations of the updates are grouped into the following sections:

Key highlights include:

Detections

Observation Clustering

Axon intelligently combines observations with minimal tuning to identify the most meaningful observations and alert the analyst to those that need attention. Observations and other key events are automatically grouped into a cluster. When these rows are visible in a grid view, they display a new cluster icon. Opening the inspector shows details of the cluster, including how they were related and details of the peers within the cluster.

For more information on Observation Clustering, refer to Clusters.

Analyst Experience

Donut Chart Update

The Donut widget for Dashboards and Search pages has been updated to aid in readability. When configured to display submetric values, the value labels will appear as sections within the primary metric value. Clicking on a label or same-color section will drill down into that section. Small values are grouped into # Items slices, and primary metric values too small to label are listed as # Groups. This section can also be expanded to fill the chart and see smaller values.

Assisted Search

A new search experience has been released to make construction of search queries faster and more accurate. Clicking into Add filter... in the Quick Search Bar will allow the user to start typing a field name, and then make a selection from the suggested list. Field names with spaces can be accessed by using a dot instead of a space (Host IP becomes host.ip). Operators can be selected from a drop-list, with a default of IS (=). Values can then be entered in the Value... field. Pressing enter executes the search and moves the query to the Search Bar on the Search Page. Pressing tab adds a second clause.

Users can return to the text-based search experience through the Search Settings icon. 

For more information on Assisted Search functionality, refer to the Search topic.

Single Metric Widget

The single metric widget is a new visualization that simply displays a count of values matching a query, with an underlying trend line to help the user understand the context of the value. 

There are two main modes of operation: Count and Numeric Aggregation. From the configuration panel, choosing Count displays a total count and optional trend line. This can be used to display the number of results matching a saved search.

Configuring the visualization to perform a numeric aggregation (average, minimum, maximum, or standard deviation) presents a list of numeric fields to aggregate on, such as Bytes Total. The visualization can then be configured to display additional numeric aggregations at the bottom.

For more information on the single metric widget, refer to Single Metric Widget.

Data Collection

Axon Agent for Linux

Axon Agents can now be installed on Linux hosts. When creating an Axon Agent Profile, you can now choose Linux as the target operating system. This allows Axon to secure even more types of hosts. 

For more information on creating an Agent Profile using the Linux operating system, refer to Axon Agent Profiles.

Axon Agent Improvements

Axon Windows Agent has undergone performance enhancements that allow logs to be collected faster. The logging level can also be configured from the Agent configuration to assist with agent support.

New Log Sources Supported

Akamai | Cisco Secure Web | Mimecast Email Security
AWS Amazon Elasticache | Cisco Umbrella | Netskope
AWS Amazon Workdocs | Cloudflare | Oracle Cloud Infrastructure Audit
AWS Application Migration Service | Darktrace | Palo Alto Cortex Data Lake
AWS Cloud9 | Digital Shadows Searchlight | Palo Alto Cortex XDR
AWS Cloud Formation | Dragos | Palo Alto Prisma Cloud
AWS Elastic Container Service | F5 Big-IP AFP, APM, ASM | RSA SecureID Cloud
AWS Guard Duty | FireEye Web Malware Protection System | Windows Management Instrumentation
AWS IoT Analytics | Forcepoint CASB | Symantec DLP
AWS Route 53 | Forcepoint Secure Gateway | Trend Micro Cloud App Security
AWS Amazon Simple Notification Service | Fortinet Authenticator | Trend Micro Deep Discovery
AWS Virtual Private Cloud | Gmail Message Tracking | Trend Micro Email Security
Cisco Meraki | Google Workspace | Zscaler Internet Access
Cisco Meraki Cloud | Imperva Cloud WAF | Zscaler Private Access
Cisco Secure Access | IronNet IronDefense |
Cisco Secure Endpoint | Microsoft IIS |

Platform Improvements

Status Page Enhancements

Two new metrics have been added to the Axon status page at https://logrhythm.statuspage.io/. These metrics automatically report whether the Ingest API is healthy and available and whether a User can execute a search and retrieve results.

We also re-organized the structure of the status page to prepare for when we have multiple Axon instances in the future. The new structure will consist of a hierarchical tree, where the top level is the Axon instance region (e.g. us-west-2 Oregon) and the items nested underneath are the metrics pertaining to that region. For example:

  • us-west-2 (Oregon)
    • Axon - Web App Authentication
    • Axon - API Server
    • Axon - Ingest API
    • Axon - Search
  • <future region>
    • Axon - Web App Authentication
    • Axon - API Server
    • Axon - Ingest API
    • Axon - Search

For more information on the Axon status page and how to subscribe to updates, refer to Axon Status Page.

Documentation Updates

The following documentation topics (not including those mentioned above) have been added or updated since the previous release.

Topic | Explanation | Documentation Link
--- | --- | ---
Supported Log Source Types | This topic will be updated consistently to show all log source types that are currently supported within Axon. | Supported Log Source Types
Generic REST Collector Documentation | Detailed documentation for configuring a generic REST collector within Axon. | Generic REST Collector
Collector Configuration Guides | Existing collector configuration guides have been updated with screenshots and additional details. | Collector Configuration Guides
Single Sign-On Configuration Guides | Three new configuration guides have been created showing how to set up Azure and Okta SSO configurations in the third-party portal and in Axon. | Single Sign-On (SSO)

Resolved Issues

The following issues have been resolved with this release.

Bug ID | Release Notes
--- | ---
ENG-23192 | Transmission to the Axon platform is now done in 10MB chunks to avoid "payload too large" errors.
ENG-29218 | Syslog headers are no longer stripped off and are correctly transmitted to the Axon platform for processing.
ENG-23302 | A series of enhancements were made to the configuration to make the Axon Agent more reliable.
ENG-6363 | Spooled files are now correctly identified and transmitted to the Axon platform.
ENG-25021 | The Axon Agent now collects UTF-8 data without errors.
ENG-26906 | Collectors are no longer unable to be retired in certain situations.
ENG-28598 | The Generic REST Collector no longer sets variable values in the transit's host field; this value will remain constant.
ENG-25264 | The trend chart widget no longer fails to display data in certain situations.

Resolved security-related issues are available for customers to view on the Community.
