I love that the 1.5 version includes related kb articles in the notes section of each query in the content pack. I'd like to see this taken further. Add a link to the KB each log result from a search.
Let us know what will make Log Insight even better! Add new ideas & vote on other feature ideas to let us know what's important to you.
In our environment we have different needs for log retention. For example my vsphere logs can be aged after a month while my firewall logging should never be deleted.
so i would like to have a retention option per host or something.
When troubleshooting vCenter Log Insight performance, it would be helpful if it could send statistics to vcenter operations manager.
Sometimes log messages contain embedded data with a fixed standard format, like XML, JSON or CSV, either when logging about configuration/state information or when the messages aren't really logs. Attempting to parse out any of these formats with regular expressions is difficult (and in the case of XML, strongly discouraged), especially when the structure includes nesting, lists or esoteric quoting/escaping rules. For... more »
An administrator may deem some messages undesirable, either specific logs produced by a source or a whole source. Such messages may result in CPU/disk resources being expended unnecessarily. Undesired log messages may result in Log Insight's data store being rotated more quickly than desired. In terms of licensing, one may wish to drop log messages from unlicensed sources, restricting sources from which log messages are... more »
I was wondering if you guys could make the data be zipped/dedupped during the night? If it already does dedup or something I guess its fine but it would seem that log insight takes a lot more space then our other logging system. We are trying to move everything to log insight but space constraints don't seem to be matching up.
Provide the ability to dump raw events more than 20K at a time. The user should have the ability to run an export query and retrieve the results. (eg. User provides a date range and requisite filters.)
From a customer "I noticed that Log Insight can only communicate with one instance of vROps. We currently have two instances of vROps because we exceeded the metrics allowed in the first instance. I’m not sure if this will be possible in future releases, but it would be beneficial to be able to communicate with more than one vROps instance."
Extend vR Ops to integration beyond notification and launch in context: deliver metrics (i.e. number of events, number of error / warning events, number of tasks, kernel warnings, VOB events) to vROps and match it to existing vROps objects (vCenter, hosts, VMs).
Dashboards make it possible to view data visually over time and alerts make it possible to get notified about events seen in the environment. What is needed is true reporting and more specifically: * Scheduling of when to run reports (both time of day and frequency) * Ability to at least email reports (pdf, html, and csv should be supported at a minimum) * Ability to include dashboards in reports (including legends)... more »
The agent should support globs (asterisk and wildcard) for folders. THe use case is IIS where multiple domains exist on the same server. Something like this
So then I could make one that does them all type thing.
Globs are supported for files so this is an inconsistency in the product as well.
Currently, Log Insight can only use an NFS share on the master installation. Being able to either attach another vmdk, or have the ability to manually download them could benefit users that do not utilize NFS shares. Additionally, there is currently no method for adding a specific NFS (or other) share for worker installations that are in separate geographical locations. If this option was enabled, or created for worker... more »
Hi! we use puppet to configure our systems. sometimes loginsight module is loaded before the component it is going to monitor, springtc for example. the liagent.ini has a path to springtc logs directory, but since it is not built yet - loginsight gets an error and marks it dormant...
we need a “retry” option for each channel – if path does not exists loginsight agent should retry without requiring a restart.
Currently there is no alerting when Log Insight Master or Worker is not receiving logs/API events from its workers or agents. Part of the PCI compliance requires notification when a stoppage of logs is detected.
If this could be an alarm, or an automated email that is sent out, and have the ability to set certain thresholds (no logs within 30 minutes, 60 minutes, 3 hours, etc), that would be great.
Log Insight should facilitate understanding transactional flows, where a group of log messages tell a story together. The transaction identifier should be definable in content packs and by users, similar to an extracted field. For example: - vCenter, vpxa and hostd tasks are identified by an opID, relating task Start, Finish and subtasks within. - ESXi vMotion tasks are identified by an MigID, relating Source and Destination... more »