It would be great if the system monitor could be extended with a tab which shows all cluster nodes (CPU, Memory Swap etc) so that it will be possible to see the status of the complete cluster on one single page.
It would require the following to achieve this:
* Datasets to include custom searches
* Datasets to include per VIP Static tags
* Datasets to include Content Pack regex
This would allow users to control access based on the source / tenant / business unit / environment...
We would like to be able to enrich log records with info from external sources (add custom tags for incoming/existing logs based on a query to an external service) like vROPS does.
a. Query GeoIP Web Service for IP’s location
b. Query CMDB via HTTP/LDAP for additional information (e.g. customer name, related services, server role, environment, ...)
How can I log the logins from the administrator and other users on the LogInsight user interface and dashboards?
It's an overhead having to create forwarding rules to tag logs on forwarders, as we don't give dashboard users access to forwarders. It would be much simpler to allow them to create a group of hostnames and allow that group to be used in queries....
Organizations with PHI/PCI or other regulatory compliance requirements may need to allow a person to Administer a LogInsight Server or Agents but not allow them to view logs collected by the agents or retained by the server.
It would be great to have the ability to replicate (or even export/import) config between clusters. We are currently deploying 10 3-node forwarding clusters and managing the agent config is going to be a challenge.
It would be great to be able to configure the default VIP under cluster/ILB configuration tab.
As of today, in order to manage Agent configuration the user needs to have "Super Admin" role which has very wide scope including the ability to manage access control.
We should be able to delegate Agent Configuration to some "power users" without giving them the ability to alter Access Control.
An "Agent Admin" role would be great in that objective.
At the moment there are just a few fields available.
For example, we would like to create a data set for some users so that they can only see events where "text"-field matches a regex query or certain words or e.g. the "event_type" field is a certain type.
Custom extracted fields are also not available for data set filters....
In the Content Packs section for Log Insight, if you look at the Shared Content, there is a tab for Alerts, but you can't build any shared alerts. It would be really useful to be able to make user level alerts shared with everyone.
Some of our log readers want some way of sharing dashboards between each other. They are not admins so can't write to shared dashboards.
We'd like a way of either:
granting certain users write/move to rights for *some* shared dashboards.
Ideally some sort of rights management features to accompany this.
as an admin, the ability to clone or mutate another user's (not my) dashboard to a shared dashboard.
RBAC - add function "Create a dataset" from current query or add favorite (saved) query while creating new dataset. It would be very useful to search for a subset of data and then create a dataset out of it, in the same way as "add current query to dashboard" or "share the query" functions work...
Some content packs can impact the entire LI cluster's performance.
LI should be able to determine based on known best practices if a content pack will potentially be problematic and a warning icon/alert should notify administrators of this situation.
Provide ability to copy active agent groups. This is especially useful if file logs were updated and will reduce the time to make edits on fields.