Compare extract fields on same axis.

We need to have a feature where we can compare the extract fields on the same axis. Here is the reason why we need this feature, especially when analysing GC logs.

Use Case:
Say I am using Log Insight to analyse the GC logs. The GC logs will have Initial Heap Size and the Final Heap Size. If we can have a feature where the user can decide the axis to compare the extract fields, this will help us interpret the data better....

More advanced query DSL

I want to be able to make more advanced (PIQL?) queries to LI. For example:

1. Apply functions (i.e. regex, arithmetic, logic, type conversion) on one or more existing fields, i.e.
a. sum: fieldA + fieldB
b. fieldA OR fieldB
c. REGEX(fieldA, pattern)
d. CAST('10.2' AS DECIMAL)

2. Create custom fields:
a. DATE() AS today
b. expressionA - expressionB...

Enrich log records

We would like to be able to enrich log records with info from external sources (add custom tags for incoming/existing logs based on a query to an external service) like vROPS does.


Use cases:

a. Query GeoIP Web Service for IP’s location

b. Query CMDB via HTTP/LDAP for additional information (e.g. customer name, related services, server role, environment ….)

Add condition to query

We would like to add some conditions on the query. Today we have our monitoring which is working with codes as "200" to "399". So our probes are switching codes all the time, sometimes with a very little time between changes.

The aim of this feature request is to provide a way to display events according to some conditions like:
- if my field A contains "200"
- if in the following 30 minutes, the field A is switching...