Ability to drop events after a period of time based on level

We have a use case where we would like to have Log Insight drop all events of a certain severity (example: TRIVIA and below) after a week. Using this selective trimming would allow us to have a normal retention period for our normal data because the volume associated with trivia logging would not be persistent over a week. Obviously, the level and retention period should be user-defined.

Allow alerting on messages seen within certain timeframes.

When monitoring an environment you may expect messages within a certain timeframe (backups within the defined backup windows). However, seeing these messages outside the normal windows is a cause for alarm / investigation.

Log Insight should allow setting timeframe criteria for alarms so that users can set up alerts for defined aberrant behaviour.

Backups running outside backup windows. Logins outside business hours....
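
The out-of-window check requested above, sketched as an added example (not part of the original post and not Log Insight functionality). The log line format, event type names and window policy are constructed assumptions; the check also covers a window that wraps past midnight.

```python
from datetime import datetime, time

# Constructed policy: event type -> (window start, window end) in local time.
# A window whose end is earlier than its start wraps past midnight.
EXPECTED_WINDOWS = {
    "backup": (time(22, 0), time(4, 0)),
    "login": (time(8, 0), time(18, 0)),
}

def in_window(t, start, end):
    """True if time-of-day t falls in [start, end), including wrap-around windows."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def parse_line(line):
    """Parse '<ISO-8601 timestamp> <event type> <free text>' (constructed format)."""
    stamp, kind, message = line.split(" ", 2)
    return datetime.fromisoformat(stamp), kind, message

def out_of_window(lines, windows=EXPECTED_WINDOWS):
    """Return (timestamp, type, message) for events seen outside their window."""
    alerts = []
    for line in lines:
        when, kind, message = parse_line(line)
        if kind not in windows:
            continue  # no window defined for this event type: nothing to compare
        start, end = windows[kind]
        if not in_window(when.time(), start, end):
            alerts.append((when, kind, message))
    return alerts

# Constructed sample events, not taken from any real system.
SAMPLE = [
    "2015-08-08T23:15:00 backup job nightly-full started",
    "2015-08-09T03:59:59 backup job nightly-full finished",
    "2015-08-09T04:00:00 backup job adhoc started",
    "2015-08-09T09:30:00 login user=alice src=10.0.0.5",
    "2015-08-09T02:14:07 login user=alice src=10.0.0.5",
    "2015-08-09T13:00:00 backup job adhoc started",
    "2015-08-09T12:00:00 config change by bob",
]

if __name__ == "__main__":
    for when, kind, message in out_of_window(SAMPLE):
        print(f"ALERT {when.isoformat()} {kind}: {message}")
```

The window end is treated as exclusive, so the backup starting at exactly 04:00:00 is flagged while the one finishing at 03:59:59 is not.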

Display relative time offset between events in event view.

It would be nice to allow selection of an event to add an additional column into the event view displaying the time offset between the selected event and visible events.

For example:

Selecting an event which happened at 2015-08-08T10:00:00.

Then events which happened in the past (say 2015-08-08T09:50:30) could display "T - 9M30S"

and events in the future could display "T + 9M30S".