Feature Requests

Alert when log source is not sending logs

Currently there is no alerting when Log Insight Master or Worker is not receiving logs/API events from its workers or agents. Part of the PCI compliance requires notification when a stoppage of logs is detected.

If this could be an alarm, or an automated email that is sent out, and have the ability to set certain thresholds (no logs within 30 minutes, 60 minutes, 3 hours, etc.), that would be great.

Submitted by (@patrickd)

52 votes

Feature Requests

Need true reporting capabilities in Log Insight

Dashboards make it possible to view data visually over time and alerts make it possible to get notified about events seen in the environment. What is needed is true reporting and more specifically:

* Scheduling of when to run reports (both time of day and frequency)
* Ability to at least email reports (pdf, html, and csv should be supported at a minimum)
* Ability to include dashboards in reports (including legends) ...

Submitted by (@steveflvmware.com)

50 votes

Feature Requests

Drop specific incoming messages

An administrator may deem some messages undesirable, either specific logs produced by a source or a whole source. Such messages may result in CPU/disk resources being expended unnecessarily. Undesired log messages may result in Log Insight's data store being rotated more quickly than desired. In terms of licensing, one may wish to drop log messages from unlicensed sources, restricting sources from which log messages are ...

Submitted by (@acastonguayvmware.com)

35 votes

Feature Requests

Transaction support

Log Insight should facilitate understanding transactional flows, where a group of log messages tell a story together. The transaction identifier should be definable in content packs and by users, similar to an extracted field. For example:

- vCenter, vpxa and hostd tasks are identified by an opID, relating task Start, Finish and subtasks within.
- ESXi vMotion tasks are identified by an MigID, relating Source and Destination ...

Submitted by (@acastonguayvmware.com)

31 votes

Feature Requests

Support globs for filelog directory option in Windows Agent

The agent should support globs (asterisk and wildcard) for folders. The use case is IIS where multiple domains exist on the same server. Something like this:

directory= E:\sitecoredata\*\Data\logs

include=log*.txt

So then I could make one that does them all type thing.

Globs are supported for files so this is an inconsistency in the product as well.

Submitted by (@jacob.curran)

26 votes

Feature Requests

Deduplication of Data

I was wondering if you guys could make the data be zipped/deduped during the night? If it already does dedup or something I guess it's fine, but it would seem that Log Insight takes a lot more space than our other logging system. We are trying to move everything to Log Insight but space constraints don't seem to be matching up.

Submitted by (@jacob.curran)

20 votes

Feature Requests

Feature Request - Using Log Insight as a Forwarder and retaining source IP

We are using a third-party SIEM. Due to the layout of the network and security requirements, we can only use Log Insight if it can forward all syslog and event log data to our SIEM. The problem is that the SIEM relies on the source IP of the system that generated the syslog data to be able to do its analytics. It creates a log source for each new syslog packet with a distinct IP address. We would like to use Log Insight, ...

Submitted by

19 votes