Showing 20 ideas for tag "analytics"

Feature Requests

Transaction support

Log Insight should facilitate understanding transactional flows, where a group of log messages tell a story together. The transaction identifier should be definable in content packs and by users, similar to an extracted field.

For example:
- vCenter, vpxa and hostd tasks are identified by an opID, relating task Start, Finish and subtasks within.
- ESXi vMotion tasks are identified by an MigID, relating Source and Destination... more »

Feature Requests

Flexible AND/OR logic needed for building queries

Currently when building a query in Interactive Analytics, all of the filters can use AND logic or they can all use OR logic. You can create different groups with different pieces of logic like:

 

(f_1 AND f_2) OR (f_3 AND f_4)

 

This would help me condense multiple components in some of our dashboards into one component

Content Packs

Windows Firewall Advanced Content Pack

Extract more Details from Windows Firewall File-Log

(ContentPack is attached)

 

- Blocked Connections by Source IP

- Blocked Connections by Destination IP

- Blocked Connections by Source Port

- Blocked Connections by Destination Port

- Blocked Connections by Protokoll

- Blocked Connections by Hostname

- Disabled / Enabled Firewall

Feature Requests

Math factor - for values

I was working on making a presentation of different values, and it struck me that it was exposing a lot of different values. One Place i got a Count, and another Place i had MB while on the NeXT one there was bytes. In making comparative Dashboards there should be the ability to use a Math factor for either multiplying or dividing the number you have, so you can alter the exposed value to the desired resultset.

Feature Requests

Allow Favorite Queries to use Dynamic Time Ranges

When you save a query to your favorite queries, it saves all the search and graphic conditions in addition to the EXACT time range was used. Even if you used the LAST 24 hours for example, that gets translated to 5am-5am for example when you pull it up from favorite queries. It would be great if there was an option to let the query to be set to "last 24 hours" or "last 6 hours" and that time is dynamic based on when it's... more »

Feature Requests

Application Autodiscovery

When Content packs are added post agent deployment on large estates, each agent's configuration requires updating to add the relevant section to the liagent.ini or the liagent-effective.ini. The recommended route is via the UI, but when the estate is large and there are many forwarders, then it becomes quite a task to determine which content packs are relevant to each of the target agents.

It would be fantastic (and... more »

Feature Requests

Enable parser selection and configuration on server or forwarder

Use case:

1) There is no way to use an agent and logs are not getting properly parsed on the server

2) Agent is installed, but administrator prefer not to risk any additional load on the source system caused by agent-side parsing

 

Solution: configure parsing (analogue to agent-side parsing) on the server or dedicated forwarder