Showing 33 ideas for tag "administration"

Drop specific incoming messages

An administrator may deem some messages undesirable, either specific logs produced by a source or a whole source. Such messages may result in CPU/disk resources being expended unnecessarily. Undesired log messages may result in Log Insight's data store being rotated more quickly than desired. In terms of licensing, one may wish to drop log messages from unlicensed sources, restricting sources from which log messages are... more »

Enhance logging of Log Insight agent for parsing errors

I was trying to set up a content pack that included a csv parser in the agent configuration that was being pushed out. Because the actual log files contained extra fields that weren't defined in the parser, no fields were getting tagged appropriately. I was able to find this out and fix it eventually, but the Log Insight agent log didn't give any indication that this was happening. It would have reduced my troubleshooting... more »

Log Ingestion Volume/Size per Day

It would be beneficial for capacity planning if there was a field that would display the total amount/size of logs, similar to how Splunk does (as shown in the attached screenshot).

I do understand that there are capacity emails that are sent, and they do show the "at the time average" of volume ingested per day, but there is nothing that can be looked at, at any time.

If this could update every 4-12 hours, that would... more »

Inherit agent groups from master cluster

We, like many other enterprise users, have many distributed vRLI Servers around the world that effectively serve as forwarders to a master cluster. It would be ideal if these servers inherited the agent configuration from the master cluster so all sub-servers do not need to be configured with agent groups. This will prevent configuration drift of the multiple servers acting as forwarders. There should, however, be the ability... more »

Should be able to delete content from Content Packs section

When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.

Give Agent Group ability to set hostname property in agent ini file

Agent Groups can be used to push out Log Insight agent configuration to groups of LI agents. Unfortunately, it doesn't look like the hostname key under [server] can be set using this.

We have multiple Log Insight clusters that we want to send data to. The way we push out the LI agent, we can't differentiate which LI cluster we want an agent to send data to, so I tried to use Agent Groups to do this, but it doesn't work.... more »

Better endpoint status

Things have improved over time and I have noted the previous feature request ( however it is very difficult to manage the status of the endpoints for both agents and syslog hosts. This is important both from an operational and security point of view. Some features which would help a great deal are:-

- Ability to purge the "host" page
- Add last active (or last received... more »