Ideas Contributed [ 19 ]
Log Insight's Forwarder supports Syslog and CFAPI (HTTP+JSON) today. The Forwarder should be extended with an additional serialization format, conforming to the Windows Events XML schema. Standard Windows Events' XML attributes should be reconstructed from standard Log Insight field=value pairs.
This aligns with http://loginsight.vmware.com/a/idea-v2/211076
Log Insight archives to an NFS export. When space is exhausted, archiving will fail. Prior to that point, at some configurable space-remaining threshold, Log Insight should send a system alert indicating the approaching exhaustion. Such monitoring can be done from the NFS server or another client. But as the primary consumer of the space, and thus the primary entity affected by lack of space, Log Insight has a duty to ...more »
Outbound User-Alert notifications (email, webhooks, vrops) contain links back to the Log Insight Cluster. If there is more than one VIP present, the links refer to the cluster by the first (sorted by IP) FQDN. This may not be the preferred identity for user interaction.
Enhancement: Provide an administrative override to specify an arbitrary FQDN for generating self-referential links, as used in alert notifications.
Queries can be defined in the Log Insight UI in many places, such as Dashboards or Saved Queries or Alerts or even the Share shorturl. It is difficult to translate these queries to the format necessary for the Query API.
Provide an API to execute a pre-existing UI-authored Query by its persistent name/id.
This could be used when constructing a custom portal or when emailing a dashboard snapshot.
Log Insight's Query API allows the expression of an arbitrary query directly. But Log Insight's UI also allows authorship of queries -- alerts, dashboards, saved queries and even share urls all fundamentally refer to a query Log Insight knows about.
Expose a query API endpoint which performs a query based on the name/id of a specific saved construct, without the API client needing to recreate the underlying query.
There should be a YUM and APT repository serving the Log Insight Agent. The repository should be hosted on vmware.com somewhere (e.g., https://packages.vmware.com/tools/esx/latest/index.html alongside VMware Tools) and on the Log Insight Server. An administrator or configuration management tool should be able to add this repository to the OS's native package management. Provide documentation for running `rpm --import` ...more »
Rare and significant events can often be characterized as Alerts notifying someone or something of an important event. Other log events are of special interest only in context, and do not alone necessitate alerting. These interesting log events can be lost in the noise of chatty systems. When directly reading logs in Interactive Analytics, some interesting log events should be annotated with additional information. ...more »
AWS CloudTrail is a web service that records API calls made during AWS infrastructure provisioning, including the time of the call and the identity of the caller.
Log Insight should natively consume events from AWS CloudTrail, such as via the CloudTrail Processing Library consuming from an AWS SQS queue. It should not require running external services and should be enabled similarly to vSphere Integration.
Allow users to consume values with human-readable units.
It is not unusual to have log messages saying things like "transferred 1581407271142 bytes", which is not hard to mentally map into 1.58e12 bytes or 1.58TB. But "95047670 milliseconds" is much easier to read as "26.4 hours".
Given a single log message (or lots) which resemble "message x=1 y=2", it is possible to create extracted fields for X and Y, and to graph the average of X and Y over time. It's also possible to render AVG(X) and AVG(Y) as a pair of scalar values.
Feature request: Ability to graph the scalar single values AVG(X) and AVG(Y) on the same graph, such as a Pie Chart.
When configuring ESXi hosts to send messages via syslog, the ESXi hosts need to be configured to trust the public key of the Log Insight server. Today this needs to be done by hand. Manipulating the ESXi host's CA trust store is done via "esxcli system security certificatestore", and esxcli is already used to read and manipulate the ESXi host's syslog configuration itself. Log Insight should support automatically pushing ...more »