I need data from log entries in both "cafe: catalog" AND "cafe: composition-service". The Dashboard I am trying to create will have a table with the following fields and can't do that without this future feature: vmw_vra_request_num, Extracted field LongReqNum, Tenant, Extracted field Tenant Name, Extracted Field SettingRequestAs, vmw_vra_cat_item_name, vmw-vra_req_service, vmw_vra_requested_for_user Date Entered: 1/25/2018 ...more »
My customer (DaVita) is looking for a way to query LI, check when the last time it received logs from connected ESXi hosts, and if the time is greater than x, automate the restart of syslog on the host.
Additional conversation around this topic can be found here: https://vmware-com.socialcast.com/messages/36422396?ref=stream
When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.
Currently there are only some few time ranges possible: 5 minutes, 1h, 1d, 2d and custom. With custom only possible to define a fixed range. It would be nice to have a greater range of options. I love how Graylog is managing that. You can, for instance, define "Since Midnight" and then getting all message... well you guest it... since midnight. Or "Last Week", Today, Last Month ... you get it. For starting it would be ...more »
Please see the attached screendump. The trend chart is showing a downwards trend. When I hover the mouse over the icon it shows that there is not difference in past and present trend/the trend is so small that there is little to no difference in the trend.
This is misleading in the sense that the trend is almost non existing
Query lists can get quite large with dozens or hundreds of items inside. Allow the user to sort the query list by result. E.g. if a query returns "Has Results" show them on top. This makes it easier to focus on the relevant results. In addition the title bar of a query list shall display the amount of queries. Once the user has executed them (green play button), also display the amount of queries with "Has Results". ...more »
When using the API to perform a query, we are unable to use extracted fields are constraints when defining the query.
NOTE: Although the query returns extracted fields, it does not accept extracted fields.
How can I log the logins from the administrator and other users on the LogInsight user interface and dashboards?
I want to be able to make more advanced (PIQL?) queries to LI. For example: 1. Apply functions (i.e. regex, arithmetic, logic, type conversion) on one or more existing fields, i.e. a. sum: fieldA + fieldB b. fieldA OR fieldB c. REGEX(fieldA, pattern) d. CAST('10.2' AS DECIMAL) e. CAST(SUBSTRING(fieldA, 0,10) AS DATETIME) 2. Create custom fields: a. DATE() AS today b. expressionA - expressionB ...more »
would be great if we could use the same filters as in "interactive analytics" for "new data set". At the moment there are just a few fields available. For example we would like to create a data set for some users so that they can only see events where "text"-field matches a regex query or certain words or e.g. the "event_type" field is a certain type. Custom extracted fields are also not available for data set filters. ...more »
We would like to add some conditions on the query. Today we have our monitoring which is working with codes as "200" to "399". So ours probes are switching codes all time, sometimes with a very little time between changes. The aim of this feature request is to provide a way to display events according to some conditions like : - if my field A is containing "200" - if in the following 30 minutes, the field A is switching ...more »
The ability to have Log Insight perform a bi-directional look up to provide us with the host names associated to IP address' listed in log content (and vice versa) will enhance general troubleshooting.
This feature is already available in other logging products such as KIWI.