VMware vRealize Log Insight 4.5

Log Insight 4.5, available 2017-06-13.

Download | Release Notes | Installation and Usage Videos | Support Center
 

New server features:

  • Added API to query alert execution and notification history
  • Added ability to specify basic authentication for webhooks
  • New product configuration APIs added
  • The source field is maintained when forwarding from vRealize Log Insight forwarder to a vRealize Log Insight server
  • Hosts on the /admin/hosts page can now be exported
  • Support for external load balancers has been deprecated
  • VMware Identity Manager (vIDM) is recommended for vRealize Log Insight. Native AD support is now deprecated. See the following Knowledge Base article for migration information: Article 2148976

General User Interface Items:

  • Dashboard legend mouse-over in one widget now highlights corresponding chart items across widgets
  • Added ability to show a given time across all dashboard chart widgets simultaneously
  • Separate options are available for descriptions and recommendations for user alerts
  • User alert history for aggregation queries now includes count

New agent features:

  • Added ability to send unaltered raw syslog to destination server
  • Added ability for agent syslog parser to parse structured data (SD), PRI, PROCID, and MSGID syslog fields
  • Added auto-update checkbox option on MSI user interface
  • Added support for sending logs to multiple destinations
  • Added directory wildcard support
  • Added support for Photon OS
  • Support for Ubuntu 12.04 LTS has been deprecated

And just like in previous releases, everyone with a vCenter Server license gets a free version of Log Insight. See the full list of what's new in Log Insight 4.5.

Join the VMware Log Insight Community!

Register now and vote on feature requests or propose new ones.

You'll also have access to our next Technical Preview release. Installed as a fresh deployment or on top of the latest release, this lets you preview experimental features and enhancements that may be available in a future generally-available release of Log Insight and give us feedback - what needs work, what features you’re still looking for, or what’s wonderful. Let us know!

Campaign: Feature Requests

high availability of data across workers

I'd looking for more than one copy of each unit of log data in order to survive the loss of individual node, similar to splunk. Maybe this takes the form of shipping closed Cassandra buckets (although that would not provide cover for recently ingested data).

 

Ideally, I could use this to provide support for loss of a worker within an AZ, or even the loss of an entire region.

Submitted by (@nthaler)

Voting

2 votes

Campaign: Administration of Log Insight

Forwarder produce events in the Windows Event XML format

Log Insight's Forwarder supports Syslog and CFAPI (HTTP+JSON) today. The Forwarder should be extended with an additional serialization format, conforming to the Windows Events XML schema. Standard Windows Events' XML attributes should be reconstructed from standard Log Insight field=value pairs.

 

This aligns with http://loginsight.vmware.com/a/idea-v2/211076

Submitted by (@alancastonguay)

Voting

1 vote

Campaign: General Log Insight Q&A

New Mouse-Over feature (v4.5) - need to disable, maybe per Dashboard or globally

The new feature "Dashboard legend mouse-over in one widget now highlights corresponding chart items across widgets" is really bad on some dashboards, so that some dashboards are not useable anymore, because the screen is filled up with mouse-over informations and on some dashboards it flipps between mouse-over hints and back and back to mouse-over - because of to many informations that will be displayed and between chart ...more »

Submitted by (@thomasb)

Voting

3 votes

Campaign: Feature Requests

NSX integration in vRLI to push logging configuration to all NSX components

Provide next-level integration with NSX. Enable an administrator of vRealize Log Insight to expedite a consistent logging configuration of all NSX components within an environment, similar to that exposed for vSphere.

Submitted by (@gfritz)

Voting

3 votes

Campaign: Feature Requests

Host Groups

It would be very useful to be able to define host groups whether the client is an agent or a syslog devices to be used in queries or to even tag events which are from these groups. It's an overhead having to create forwarding rules to tag logs on forwarders as we don't give dashboard users access to forwarders it would be much simpler to allow them to create a group of hostnames and allow that group to be used in queries. ...more »

Submitted by (@hywelburris)

Voting

2 votes

Campaign: Collection

Blacklisting/Discarding Events

From time to time there are occasions where i really would hope that blacklisting/discarding events is implemented in vRLI. For an example we currently are flooded with log entries from our 5.5 ESXi hosts which are coming from an "BUG" which is to be fixed in a patch without ETA. But there would be countless other examples too. I'm aware that there are possibilities to achieve that. One is with agents but for ESXi that ...more »

Submitted by (@rockaut)

Voting

3 votes

Campaign: General Log Insight Q&A

upgrade from 4.3 to 4.5 failed

Upgrade Failed

Failed to create cluster snapshot

Submitted by (@syu000)

Voting

0 votes

Campaign: General Log Insight Q&A

Agents, MS Cluster Services and Logs on cluster disks

Hi, Does anyone have any experience in running LI Agent on MS failover clusters? We are trying to monitor the SQL logs and obviously the clustered drive (where the logs exist) are only mounted on one server at a time, so when the LI agent starts on each server, in the pair, one can read the logs drive and the other can't so it ignores that drive as it doesn't exist. When the cluster fails over we need a way of telling ...more »

Submitted by (@hywelburris)

Voting

1 vote

Campaign: Feature Requests

Better endpoint status

Things have improved over time and I have noted the previous feature request (http://loginsight.vmware.com/a/idea-v2/8395) however it is very difficult to manage the status of the endpoints for both agents and syslog hosts. This is important both from an operational and security point of view. Some features which would help a great deal are:- - Ability to purge the "host" page - Add last active (or last received ...more »

Submitted by (@hywelburris)

Voting

1 vote

Campaign: Feature Requests

Scheduling Export Chart Data

Log Insight only allows manuel export chart data to csv file. For example we need a VM names for a specific vCenter Alert rule past week. Also, we need counts of that alert by VM name. We can get with query that and also export chart to csv file. But scheduling that operation on weekly bases would be really nice.

Submitted by (@mcan06)

Voting

0 votes

Campaign: Content Packs

vSphere CP - [filelog|vsphere6-linux-vapi-endpoint]

The Log Path in the default Config is empty. The Logs for the vAPI Endpoint can be found in : /var/log/vmware/vapi/endpoint/

 

[filelog|vsphere6-linux-vapi-endpoint-Custom]

directory=/var/log/vmware/vapi/endpoint/

include=*.log*;*.txt*

exclude=wrapper.log*;*-gc.log*

event_marker=^\d

tags={"vmw_product":"vcenter"}

Submitted by (@markus.kraus)

Voting

0 votes

Campaign: Feature Requests

Real Time Alerts

Currently Log Insight only allows for alerts to be triggered based on batch process times. Lowest being every minute.

I have a customer that would like alerts to be triggered when a match comes in immediately. Their use case is for monitoring 1,000's of Cisco Switch Stacks for physical sites. When a switch dies or power supply dies they would like an instant alert.

Submitted by (@heathbarj)

Voting

1 vote