VMware vRealize Log Insight 4.5

Log Insight 4.5, available 2017-06-13.

Download | Release Notes | Installation and Usage Videos | Support Center
 

New server features:

  • Added API to query alert execution and notification history
  • Added ability to specify basic authentication for webhooks
  • New product configuration APIs added
  • The source field is maintained when forwarding from vRealize Log Insight forwarder to a vRealize Log Insight server
  • Hosts on the /admin/hosts page can now be exported
  • Support for external load balancers has been deprecated
  • VMware Identity Manager (vIDM) is recommended for vRealize Log Insight. Native AD support is now deprecated. See the following Knowledge Base article for migration information: Article 2148976

General User Interface Items:

  • Dashboard legend mouse-over in one widget now highlights corresponding chart items across widgets
  • Added ability to show a given time across all dashboard chart widgets simultaneously
  • Separate options are available for descriptions and recommendations for user alerts
  • User alert history for aggregation queries now includes count

New agent features:

  • Added ability to send unaltered raw syslog to destination server
  • Added ability for agent syslog parser to parse structured data (SD), PRI, PROCID, and MSGID syslog fields
  • Added auto-update checkbox option on MSI user interface
  • Added support for sending logs to multiple destinations
  • Added directory wildcard support
  • Added support for Photon OS
  • Support for Ubuntu 12.04 LTS has been deprecated

And just like in previous releases, everyone with a vCenter Server license gets a free version of Log Insight. See the full list of what's new in Log Insight 4.5.

Join the VMware Log Insight Community!

Register now and vote on feature requests or propose new ones.

You'll also have access to our next Technical Preview release. Installed as a fresh deployment or on top of the latest release, this lets you preview experimental features and enhancements that may be available in a future generally-available release of Log Insight and give us feedback - what needs work, what features you’re still looking for, or what’s wonderful. Let us know!

Content Packs

MS Exchange Content Pack dashboards empty

We have MS Exchange environment with 8 Exchange servers. We have Log Insight 4.3 with MS Exchange CP 3.2. We have configured it according to attached documentation with regards to some doubts in another forum thred here. Now some dashboards are empty or contain wrong data: 1. Information on widget Microsoft - Exchange > User information > Number of users per server is wrong: Total number of users is correct (after ...more »

Submitted by (@pawel.orzechowskiindevops.com)

Voting

2 votes

Content Packs

MS Exchange Content Pack agent scripts configuration clarification needed

We have MS Exchange environment with 8 Exchange servers. We have Log Insight 4.3 with MS Exchange CP 3.2. While configuring it according to attached documentation we have encountered following problems that I ask for clarification: 1. Agents powershell scripts run on one or more MS Exchange servers 1.1 Observation: Running both scripts exchange_wrapper.ps1 and exchange_mailbox_wrapper.ps1 seems to give the same output ...more »

Submitted by (@pawel.orzechowskiindevops.com)

Voting

2 votes

Feature Requests

Provide mechanism for vRealize Log Insight to create Catalog item in Identity Manager

Provide a mechanism within vRealize Log Insight's Authentication Configuration section that allows for easy creation of the application within the within the catalog for VMware Identity Manager. At the moment, a user must manually create this, an operation that has the potential to change between vIDM releases which complicates the situation and causes a poor UX -- example : https://blogs.vmware.com/services-education-insights/2017/08/vrealize-log-insight-authentication-via-vmware-identity-manager.html ...more »

Submitted by (@gfritzvmware.com2)

Voting

3 votes

Feature Requests

Time between logs - as numerical value

I am suggesting that you should be able to Select "Time Between first-last" as a value. So if you for example have made a log Query that shows all error logs for a specific event, then you can present how long this event occured. This can also be useful if you have one log entry for start of a deplyment and one for finish, because then you could present build time from the Timediff between the first and last log entry ...more »

Submitted by (@hawkienorwayhotmail.com1)

Voting

5 votes

Administration of Log Insight

Customize fields in the alert.log file

I have Log Insight version 4.3 installed, and I would like the capability of limiting who can schedule a query or search. I know there isn't a capability in Log Insight for this feature (yet). I know that version 2.0 introduced an alert.log file. I have a script that stays in memory. The script reads the alert.log file. If a new line is found, then the script will parse the current line and send data (syslog or snmp) ...more »

Submitted by (@leroyisaacgmail.com2)

Voting

1 vote

General Log Insight Q&A

Log processing rate in vRealize Log Insight

Hi to all members. Could anyone help if we can capture the log processing rate and the log arrival rate by vRealize Insight ? I am particularly interested in 1. Capturing the arrival rate of the logs to the Log Insight in events/sec or bytes/sec 2. The processing rate of the logs by Log Insight in events/sec or bytes/sec. 3. Ensure my Log Insight processing rate is higher than the arrival rate. There are statistics ...more »

Submitted by (@sreejithparakkatil)

Voting

2 votes

Feature Requests

Ability to inject data from an external source (DB,etc) in to log streams

I've repeatedly seen a requirement to enrich log event streams within vRLI using field injection of data sourced from external data providers (fetched from database or through REST API calls). To-date the only way to accomplish this is to use another 3rd party product to do the field-injection and/or field-replacement prior to ingestion by vRLI. To-date, we need to implement syslog-ng on an intermediary system, leveraging ...more »

Submitted by (@mjusko)

Voting

2 votes

Feature Requests

Disable built in system alerts from sending emails

I would like to be able to disable default system alerts, specifically the SSL certificate handshake. I continue to receive alerts due to a an "SSL handshake problem. This may be a problem with the SSL Certificate or with the Network Time Service. In order for Log Insight to accept syslog messages over SSL, a certificate that is validated by the client is required and the clocks of the systems must be in sync." I am receiving ...more »

Submitted by (@mkvanmatre)

Voting

6 votes