Flexible AND/OR logic needed for building queries

Currently when building a query in Interactive Analytics, all of the filters can use AND logic or they can all use OR logic. You can create different groups with different pieces of logic like:


(f_1 AND f_2) OR (f_3 AND f_4)


This would help me condense multiple components in some of our dashboards into one component

vRLI - Catalog Requests - needs "AND" "OR" Dashboard Query abilities

I need data from log entries in both "cafe: catalog" AND "cafe: composition-service". The Dashboard I am trying to create will have a table with the following fields and can't do that without this future feature: vmw_vra_request_num, Extracted field LongReqNum, Tenant, Extracted field Tenant Name, Extracted Field SettingRequestAs, vmw_vra_cat_item_name, vmw-vra_req_service, vmw_vra_requested_for_user Date Entered: 1/25/2018...

Improvement to query lists

Query lists can get quite large with dozens or hundreds of items inside. Allow the user to sort the query list by result. E.g. if a query returns "Has Results" show them on top. This makes it easier to focus on the relevant results.

In addition the title bar of a query list shall display the amount of queries. Once the user has executed them (green play button), also display the amount of queries with "Has Results"....

Ability to schedule alert queries

We have some alert queries we want to set up that check to see if a particular job ran by reading the log files for those jobs and firing an alert if the query doesn't have any results. We can set up this job today, but the query will run at pre-set intervals. We know exactly when our jobs will run so we'd like to be able to schedule the query to cover a certain time range and limit its scope rather than expand the scope...

Should be able to delete content from Content Packs section

When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.

Dynamic Fields in Alert Definition Name

I'm not aware of such a feature; if I'm wrong, please correct me.

It would be very very useful to be able to use fields in alert definition and fields to be populated based on their actual value when the alert triggers.

We are sending alerts to vROPS.

Let's take an example:
I want to monitor when a vRO Workflow fails but I need to create an alert for each Workflow that runs into infrastructure in order to actually give some...

Additional time ranges

Currently there are only a few time ranges possible: 5 minutes, 1h, 1d, 2d and custom. With custom it is only possible to define a fixed range.
It would be nice to have a greater range of options. I love how Graylog is managing that. You can, for instance, define "Since Midnight" and then get all messages... well, you guessed it... since midnight. Or "Last Week", Today, Last Month ... you get it.
For starting it would be...

Offer assistance with queries that take too long

Today, when performing a query that takes a long time, we display a progress bar and a pause button where the log messages are displayed.

If a query takes longer than several seconds to complete, the vRLI UI should offer tips while the query is completing. For example:

"Your date filters include X days and Y events, you may want to consider reducing the length of time..."
"Your filters do not include a hostname, you...

Execute named query (dashboards, saved search, etc) via query API

Log Insight's Query API allows the expression of an arbitrary query directly. But Log Insight's UI also allows authorship of queries -- alerts, dashboards, saved queries and even share urls all fundamentally refer to a query Log Insight knows about.


Expose a query API endpoint which performs a query based on the name/id of a specific saved construct, without the API client needing to recreate the underlying query.