I need data from log entries in both "cafe: catalog" AND "cafe: composition-service". The Dashboard I am trying to create will have a table with the following fields and can't do that without this future feature: vmw_vra_request_num, Extracted field LongReqNum, Tenant, Extracted field Tenant Name, Extracted Field SettingRequestAs, vmw_vra_cat_item_name, vmw-vra_req_service, vmw_vra_requested_for_user Date Entered: 1/25/2018 ...more »
In the vsphere content pack, there is a pane under vcenter server overview where it Counts "vcenter servers integrated". This Count is very wrong, as it Counts occurences of the Word vcenter-server (despite showing it should Count Sources) instead of unique hostnames. In my installation it therefore shows 71 vcenters, instead of the 4 it should be. The reason is that the loginsight also receives logs regarding DRS rules, ...more »
Upon request from our security people, I have made a PowerShell module that collects non-log data from AD and pushes it as logs to the loginsight server. This way they can have a Dashboard of data that is either not accessible from logs, or where log retreival would mean a massive search from all data available, and thus very slow searches. I have built this in this way: 1. Powershell scripts running as scheduled jobs ...more »
Had en issue - created an content pack 🙂
So here it is the HP OA content pack. All there is required is to set HP OA til send syslog to log insight.
It has three dashboards - Overview, changes and authentication.
Overview gives you quick insight to changes and problems in your environment.
Changes - is all about changes made by humans
Authentication - shows login attempts and failures
I would like two features for the dashboards. 1. A line denoting a configured threshold. 2. The ability to set a "top ten" limit on a dashboard instead of displaying all of the similar events.
When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.
Currently there are only some few time ranges possible: 5 minutes, 1h, 1d, 2d and custom. With custom only possible to define a fixed range. It would be nice to have a greater range of options. I love how Graylog is managing that. You can, for instance, define "Since Midnight" and then getting all message... well you guest it... since midnight. Or "Last Week", Today, Last Month ... you get it. For starting it would be ...more »
Query lists can get quite large with dozens or hundreds of items inside. Allow the user to sort the query list by result. E.g. if a query returns "Has Results" show them on top. This makes it easier to focus on the relevant results. In addition the title bar of a query list shall display the amount of queries. Once the user has executed them (green play button), also display the amount of queries with "Has Results". ...more »
I was working on making a presentation of different values, and it struck me that it was exposing a lot of different values. One Place i got a Count, and another Place i had MB while on the NeXT one there was bytes. In making comparative Dashboards there should be the ability to use a Math factor for either multiplying or dividing the number you have, so you can alter the exposed value to the desired resultset.
We have some users that want to build dashboards for our entire team to consume but we don't want to give them (or their group) privileges to create arbitrary content. It would be nice if there was a feature that allowed you to promote content created by users to be shared by everyone.