VMware Log Insight Search Ideas

As a vRealize Log Insight administrator, I need the ability to assign the "master" responsibilities to different node in the Log Insight cluster because...

...the node which is currently master is damaged due to an underlying infrastructure problem.

...I am decommissioning some or all of the nodes in a cluster I intend to replace.

For authenticating to log insight, the default ttl is 1800. How can I increase the ttl duration? Any references online?

I could not find an answer so far. Thank you.

For example,

{

"userId": "16eaf14b-4a95-47fc-a97d-e25056cc8dfe",

"sessionId": "3ImH8sDDr....Yx9kFvhs=",

"ttl": 1800

}

Instead of using the Agent or Importer to parse a log file and submit to Log Insight's events ingestion api, I want to upload a textual log file to the Log Insight cluster and parse it there.

debug the powershell script

How can I debug "Exchange envirotment" script? I can run it. But it cannot product the output file.

Log bundles provided to vmware sometimes do not have the info needed to troubleshoot an issue because the logs of interest are no longer present. We need to wait for the next occurrence of the issue and then generate a new log bundle immediately. If this happens outside office hours the necessary logs can be missed again. It should be possible for an alert to trigger an action such as generate log bundle (or run a script).... more »

We would like to add some conditions on the query. Today we have our monitoring which is working with codes as "200" to "399". So ours probes are switching codes all time, sometimes with a very little time between changes. The aim of this feature request is to provide a way to display events according to some conditions like : - if my field A is containing "200" - if in the following 30 minutes, the field A is switching... more »

The ability to have Log Insight perform a bi-directional look up to provide us with the host names associated to IP address' listed in log content (and vice versa) will enhance general troubleshooting.

This feature is already available in other logging products such as KIWI.

It would be really nice to have Geographic pinning similar to a lot of firewall tools & SIEM system where each outgoing IP address are pinned to a global map to have overview of where the traffics are going.

Outbound User-Alert notifications (email, webhooks, vrops) contain links back to the Log Insight Cluster. If there is more than one VIP present, the links refer to the cluster by the first (sorted by IP) FQDN. This may not be the preferred identity for user interaction.

Enhancement: Provide an administrative override to specify an arbitrary FQDN for generating self-referential links, as used in alert notifications.

A Install Parameter for the Agent to enable or disable SSL would be useful.

We are not able to save new or modified Agent groups after Update from 3.6 to 4.0.

After clicking save only circle on the button turns.

The vLI Appliance does not renew the ARPs for the VIPs. On boot and during each modification of the VIP new ARPs are generated. But when the ARP Entry on the Windows boxes is timed out the appliance doesn’t reply the new Requests.

In the list of Agents in Administration UI the SSL State of the Client would be useful .

When Multiple Virtual IP Addresses are configured the recently added VIP is the default for the agent default Configuration.

This should be selectable. Otherwise wrong tags are maybe added…

As a vRLI administrator, I would like to manage how much resources are devotes to performing queries for different tenants on the same vRLI cluster because I want to avoid the noisy neighbor problem if one tenant is performing a disproportional number of queries relative to other tenants.