Administration of Log Insight

Request for variable retention

IHAC customer (CBA) that needs to retain up to 3 months of data in vRLI. Unfortunately, my customer's vRLI setup is now only retaining 7-8 days of data (its slowly been dropping with the migrations)… this is all due to the volume of DFW (NSX) logs… The customer has discussed dropping all accepted/allowed but customer security policy informed the customer that it wouldn't be allowed to do so.

 

The customer has queried Splunk for all DFW logs (07/01/2018), it currently manages two separate environments and the results came back with almost billion results for 24h (914,652,684).

 

 

· When does VMware plan to offer a Log "classification" feature which allows me to drop DFW logs faster than others?

Tags

Voting

5 votes
Idea No. 553