Ideas Contributed [ 9 ]
It would be beneficial for capacity planning if there were a field that would display the total amount/size of logs, similar to how Splunk does (as shown in the attached screenshot). I do understand that there are capacity emails that are sent, and they do show the "at the time average" of volume ingested per day, but there is nothing that can be looked at, at any time. If this could update every 4-12 hours, that would ...
Allowing external/internal applications, or other VMware products, the ability to query, or formulate queries, would be highly beneficial.
Currently, the notifications about retention and archive time are sent via email. A method to see this in real time, or, say, every 30/60 minutes, through the console GUI would be very beneficial.
Having to set up each log forwarder as a standalone console is quite excessive. Adding the ability to manage the syslog/event forwarders from a centralized console will greatly increase the value of the syslog/event forwarding ability.
It would be awesome if there could be a Content Pack for Linux's auditd. This could be used to identify when someone fails to log in as root, or attempts to, when a file has been accessed or touched, when elevated privileges have been attempted, and many more uses.
Currently there is no method of backing up the Log Insight database or configuration files from the Log Insight Console. Providing a method of backing up manually, or on a scheduled time frame, would provide a benefit for off-site backup and disaster recovery solutions.
With the addition of the data sets functionality, more granular defining should be allowed. Currently, it allows or disallows based off text or strings that can be inputted into interactive analysis, but does not allow more fine tuning. A feature that would be very beneficial is to allow or disallow search queries for logs/events that have been ingested from specific workers, agents, or forwarders. This would push the ...
Currently there is no alerting when Log Insight Master or Worker is not receiving logs/API events from its workers or agents. Part of PCI compliance requires notification when a stoppage of logs is detected.
If this could be an alarm, or an automated email that is sent out, and have the ability to set certain thresholds (no logs within 30 minutes, 60 minutes, 3 hours, etc.), that would be great.
Currently, Log Insight can only use an NFS share on the master installation. Being able to either attach another vmdk, or have the ability to manually download them could benefit users that do not utilize NFS shares. Additionally, there is currently no method for adding a specific NFS (or other) share for worker installations that are in separate geographical locations. If this option was enabled, or created for worker ...