Ideas Contributed [ 16 ]
The importer today does not support uncompressing bz2 -- it should, especially given that VMware support bundles use bz2.
Microsoft (until recently) has not natively supported syslog. Event Viewer's native format is XML. While the LI agent can collect Event Viewer logs, it formats them in a proprietary way. It would be ideal to collect in a standard format so when forwarding such events to a third-party syslog destination (e.g. SIEM) the third party could properly parse it (without a custom parser). XML is that standard for Microsoft. ...
Today Log Insight can send alerts via email and vR Ops. Webhooks would provide the ability to send REST out, which would allow for integrations with a variety of products including Socialcast, Slack, PagerDuty, vRO, etc.
There are several cases where binary log analysis is necessary:
* Database trace files
* VSAN profiler logs
* HTML 2.0 files
* systemd (e.g. RHEL 7)
The agent needs to support these.
LI has default ports for UI (80/443), syslog (514/1514/6514) and cfapi (9000/9543), but no ability to change these ports.
Desire to have a lookup table for IP addresses to geolocation and then the ability to display a geo-map with the results
Today there are Custom Dashboards (My and Shared) and Content Pack Dashboards. Under Custom Dashboards there need to be RBAC Dashboards. RBAC Dashboards should be Dashboards assigned to one or more RBAC roles. The idea is that a role, which is typically assigned to a group of users, needs access to shared dashboards that are private to the role (group). Today, the options are to use Shared Dashboards, but these are ...
Some people have expressed an interest to export more than 20K events from LI. Unfortunately, the UI does not support this currently. You can however dump more events from the CLI. I have created a script that does just that by dumping a set number of buckets to the filesystem. You can of course modify this to search for and only export the particular events you care about on a per bucket basis. Try it out and let me ...
Currently, the Log Insight virtual appliance is set to UTC time, but when querying logs through the HTML 5 interface the logs are always shown in the local time of the browser. This becomes an issue for environments where all monitoring devices are set to UTC and the browser accessing Log Insight is not in UTC. In this case, the Log Insight monitoring tool will be out of sync with the other monitoring tools in the environment ...
Today, searches are based on previous data and are static for a run query. Need the ability to stream queries in real time and see results in real time (similar to tail -f on Linux).
Dashboards make it possible to view data visually over time and alerts make it possible to get notified about events seen in the environment. What is needed is true reporting and more specifically:
* Scheduling of when to run reports (both time of day and frequency)
* Ability to at least email reports (pdf, html, and csv should be supported at a minimum)
* Ability to include dashboards in reports (including legends) ...
Allow user-specified # of lines to display on screen (rather than forcing 50 as a limit).