Ideas Contributed [ 13 ]
In the Content Packs section for Log Insight, if you look at the Shared Content, there is a tab for Alerts, but you can't build any shared alerts. It would be really useful to be able to make user level alerts shared with everyone.
When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.
We have some users that want to build dashboards for our entire team to consume but we don't want to give them (or their group) privileges to create arbitrary content. It would be nice if there was a feature that allowed you to promote content created by users to be shared by everyone.
I was trying to set up a content pack that included a csv parser in the agent configuration that was being pushed out. Because the actual log files contained extra fields that weren't defined in the parser, no fields were getting tagged appropriately. I was able to find this out and fix it eventually, but the Log Insight agent log didn't give any indication that this was happening. It would have reduced my troubleshooting ...more »
It would be nice to know without having to write a query how old the oldest data in the system is. If we could track this per host sending data, that would be even better.
The alert type that uses grouping from the alert query doesn't allow an alert to be triggered when only one match is found (assuming count is the metric being displayed in the grouping query). It's true that the "on any match" option will take care of this, but the emails sent by these alerts don't include the information we would like to see when configuring an alert that uses grouping.
Agent Groups can be used to push out Log Insight agent configuration to groups of LI agents. Unfortunately, it doesn't look like the hostname key under [server] can be set using this. We have multiple Log Insight clusters that we want to send data to. The way we push out the LI agent, we can't differentiate which LI cluster we want an agent to send data to so I tried to use Agent Groups to do this, but it doesn't work. ...more »
The new agent groups ability in Log Insight 3.0 is really helpful but could be made even more useful. In my environment, I've got a lot of VMs that I want to make similar agent config changes to that have a similar naming pattern but don't follow the matches, does not match, starts with, and does not start with options currently available for filtering agents. Adding the ability to filter by a RegEx would be extremely ...more »
We have some alert queries we want to set up that check to see if a particular job ran by reading the log files for those jobs and firing an alert if the query doesn't have any results. We can set up this job today, but the query will run at pre-set intervals. We know exactly when our jobs will run so we'd like to be able to schedule the query to cover a certain time range and limit its scope rather than expand the scope ...more »
We have some text logs that we want to send to Log Insight, but not all of the data in them is useful and we would like to filter it out before it gets to Log Insight since there can be a lot of it and we don't want to flood the system. It would be nice if we could add a regex filter in the liagent file for text files or something similar so we filter the data that makes it to Log Insight.
Does anyone have a good method for pushing out liagent configuration to VMs that serve a variety of functions? For example, we have VMs running SQL Server, IIS, AD, etc. We would like to push out the liagent config needed so these different VMs could feed the content packs for these products back on the Log Insight server. It seems like using the Administration -> Agents section in the Log Insight UI would be the best ...more »
Currently when building a query in Interactive Analytics, all of the filters can use AND logic or they can all use OR logic. You can create different groups with different pieces of logic like:
(f_1 AND f_2) OR (f_3 AND f_4)
This would help me condense multiple components in some of our dashboards into one component.