It would be very useful to be able to define host groups whether the client is an agent or a syslog devices to be used in queries or to even tag events which are from these groups. It's an overhead having to create forwarding rules to tag logs on forwarders as we don't give dashboard users access to forwarders it would be much simpler to allow them to create a group of hostnames and allow that group to be used in queries. ...more »
I was working on making a presentation of different values, and it struck me that it was exposing a lot of different values. One Place i got a Count, and another Place i had MB while on the NeXT one there was bytes. In making comparative Dashboards there should be the ability to use a Math factor for either multiplying or dividing the number you have, so you can alter the exposed value to the desired resultset.
The ability to have Log Insight perform a bi-directional look up to provide us with the host names associated to IP address' listed in log content (and vice versa) will enhance general troubleshooting.
This feature is already available in other logging products such as KIWI.
The ability to add a second Timeframe with the same Search and Filters in the same Chart will be awesome. It can be used to compare Results.
Maybe it can also be used for a new Alert Triggers. E.g. differs 50% from last week…
It would be nice to be able to add a widget that has the power to update other widgets on the same dashboard. The use case would be for widgets that are aggregating data from many hosts, and you want to quickly add a filter to all of them to see the scope narrowed to a single host or tag value. This would be of particular benefit for helping search through log bundles uploaded from the import tool, as user-specified ...more »
When group by a field in a chart it would be great if I can associate an expected value with always the same color. Use case: I want to monitor my automation test logs in LI I have built proper query that returns the executed tests grouped by their result. I know that possible result value could be PASSED, FAILED or SKIPPED. So I want in my chart PASSED to be marked always with green, FAILED with red and SKIPPED with ...more »
It would be nice to allow selection of an event to add an additional column into the event view displaying the time offset between the selected event and visible events.
Selecting an event which happened at 2015-08-08T10:00:00.
Then events which happened in the past (Say 2015-08-08T09:50:30) could display "T - 9M30S"
and events in the future could display "T + 9M30S"
Currently when building a query in Interactive Analytics, all of the filters can use AND logic or they can all use OR logic. You can create different groups with different pieces of logic like:
(f_1 AND f_2) OR (f_3 AND f_4)
This would help me condense multiple components in some of our dashboards into one component
When you save a query to your favorite queries, it saves all the search and graphic conditions in addition to the EXACT time range was used. Even if you used the LAST 24 hours for example, that gets translated to 5am-5am for example when you pull it up from favorite queries. It would be great if there was an option to let the query to be set to "last 24 hours" or "last 6 hours" and that time is dynamic based on when it's ...more »
Log Insight should facilitate understanding transactional flows, where a group of log messages tell a story together. The transaction identifier should be definable in content packs and by users, similar to an extracted field. For example: - vCenter, vpxa and hostd tasks are identified by an opID, relating task Start, Finish and subtasks within. - ESXi vMotion tasks are identified by an MigID, relating Source and Destination ...more »
Allow log insight to analyze internal (linux and application) logs in the same instance. Currently it is not supported to redirect log insight logs to itself.
Allow user-specified # of lines to display on screen (rather than forcing 50 as a limit).
Maximize effectiveness of displayed data: Allow to adjust column width in field table view
I love that the 1.5 version includes related kb articles in the notes section of each query in the content pack. I'd like to see this taken further. Add a link to the KB each log result from a search.