General Log Insight Q&A

General Log Insight Q&A

Lookup field value

We have syslogs in LI with key-value pairs, and we'd like to show "lookup" values in LI dashboards. For example:

 

...bytes_in=100 protocol=6 ... or bytes_in=200 protocol=17...

 

We'd like to display protocols as TCP for 6 and UDP for 17 (and so on). Is there a way to do this in LI?

Submitted by (@svelednitsky)
2 comments

Voting

3 votes

General Log Insight Q&A

vROps alert integration

Has anyone has issues with this integration just stopping? I had it working for a month and then it just quit on me. I've opened up a case, but the engineer can't figure it out either. I can create test alert emails that work just fine. Also Launch In-Context works just fine as well so the integration partially works. I've sold the integration between Log Insight and vROps to users around my company. Quite a few are waiting ...more »

Submitted by (@travis.randolph)
10 comments

Voting

0 votes

General Log Insight Q&A

upgrade from 4.0 to 4.3 failed on pre-validation

upgrade from 4.0 to 4.3 failed on pre-validation

Submitted by (@syu000)
2 comments

Voting

0 votes

General Log Insight Q&A

Which host is sending more logs? How do I schedule a report to generate and email ?

IHAC, who wanted to know which host is generating more events and ingesting to the vRLI server .

 

Also he wanted to create a generate which can be scheduled to run every day and email the results.

 

Thanks

Jagadeesh

Submitted by (@jagadeesh)
Add your comment

Voting

0 votes

General Log Insight Q&A

How to influence event_type

Hi

 

I was hoping that I could use machine learning(event trends), to look at firewall logs. But as it sees the firewall logs as one event type, nothing useful can be gain from this.

 

Is there a way to influence or manipulate how the event type is found ?

 

Like I stated I want to use machine learning to see if "new" network patterns happens over time

Submitted by (@michaelryom)
2 comments

Voting

1 vote

General Log Insight Q&A

syslog compression

Does log insight have compress in the server?

Submitted by (@syu000)
1 comment

Voting

0 votes

General Log Insight Q&A

agent machine shows under hosts

IHAC, who installed and configured a windows agent in one of the Windows 2012 machines and pointed to redirect all the logs to VIP ( integrated load balancer) .

 

However the hostname of the windows box is showing up under Hosts instead of Agents tab (in administration tab)

 

Customer do want to know why it's shown under hosts and how to remove the hosts which displayed under hosts tab manually

 

Thanks

Jagadeesh

Submitted by (@jagadeesh)
3 comments

Voting

0 votes

General Log Insight Q&A

vRealize Log Insight 4.0 is now Live!

On behalf of the Log Insight team, I'm happy to announce that vRealize Log Insight 4.0 is now GA and live on www.vmware.com. GA Date: November 15th, 2016 What's New General vSphere 6.5 compatibility System Notification enhancements Support for custom SSL certificates in the vCenter Server edition Support for Spanish locale (ES) UI Items New overall User Interface based ...more »

Submitted by (@yogitap)
Add your comment

Voting

0 votes

General Log Insight Q&A

Upgrade from 2.5 to 3.3.2 license error

I just upgraded from GA 2.5 to GA 3.3.2, and the upgrade worked smooth. Removed the 1.x/2.x license and added the 3.x license, but up on the title bar I have this

“Warning: Evaluation License (more)”

When you click on that, it will give you the option to go to the Eval page, or the cluster page.

This install was never an eval install, always a licensed version. Any ideas how to get rid of this?

Submitted by (@rich.craighill)
2 comments

Voting

0 votes

General Log Insight Q&A

Microsoft Robocopy Log Parser

We have multiple robocopy jobs in our environment logging to text files. I am curious if anyone has a log parser that would make the robocopy log data more readable and useful in Log Insight?

Submitted by (@brianladish)
3 comments

Voting

0 votes

General Log Insight Q&A

Source not being maintained on forwarded messages

I am using the Ingest API for forwarding per the documentation but when I check the messages at the destination all the "source" field values are the IP of the forwarder and not the originator.

Has anyone else seen this?

Submitted by (@richard.schneider)
Add your comment

Voting

0 votes

General Log Insight Q&A

LI agent download over HTTP

With v3.6 of LI, is it possible to programmatically download the LI agent over unsecured HTTP? Previously, an API call had to be made over HTTPS, which poses a problem for scripting a download for the Windows agent, for example. I'm looking for the simplest way to retrieve the LI agent from the LI cluster (not cache it on a fileserver) so an application blueprint can more easily be made for vRA and added as a component. ...more »

Submitted by (@chipzoller)
2 comments

Voting

0 votes