Let us know what will make Log Insight even better! Add new ideas & vote on other feature ideas to let us know what's important to you.
We use Log Insight to alert for Windows Event Log entries. It would be very helpful if we could select additional fields from the entries to include in the alerting.
It would be extremely helpful to have a vRO plug-in for vRLI that contains prebuilt workflows for common scenarios using the API.
In the Content Packs section for Log Insight, if you look at the Shared Content, there is a tab for Alerts, but you can't build any shared alerts. It would be really useful to be able to make user level alerts shared with everyone.
When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.
When an alert is triggered to send an email, the email has no contents that give details on the event.
For instance, we send syslog from Cisco routers and switches. We have an alert set up to show when a configuration change is made. The email shows "someone made a config change." It would be nice to include things that were in the log: the username that made the change, the device/source, etc.
Currently there are only a few time ranges possible: 5 minutes, 1h, 1d, 2d and custom. With custom it is only possible to define a fixed range. It would be nice to have a greater range of options. I love how Graylog is managing that. You can, for instance, define "Since Midnight" and then get all messages... well, you guessed it... since midnight. Or "Last Week", Today, Last Month ... you get it. For starting it would be ...more »
I'm looking for more than one copy of each unit of log data in order to survive the loss of an individual node, similar to Splunk. Maybe this takes the form of shipping closed Cassandra buckets (although that would not provide cover for recently ingested data).
Ideally, I could use this to provide support for loss of a worker within an AZ, or even the loss of an entire region.
Provide next-level integration with NSX. Enable an administrator of vRealize Log Insight to expedite a consistent logging configuration of all NSX components within an environment, similar to that exposed for vSphere.
It would be very useful to be able to define host groups, whether the client is an agent or a syslog device, to be used in queries or even to tag events which are from these groups. It's an overhead having to create forwarding rules to tag logs on forwarders. As we don't give dashboard users access to forwarders, it would be much simpler to allow them to create a group of hostnames and allow that group to be used in queries. ...more »
Things have improved over time and I have noted the previous feature request (http://loginsight.vmware.com/a/idea-v2/8395); however, it is very difficult to manage the status of the endpoints for both agents and syslog hosts. This is important both from an operational and security point of view. Some features which would help a great deal are: - Ability to purge the "host" page - Add last active (or last received ...more »
Log Insight only allows manual export of chart data to a CSV file. For example, we need the VM names for a specific vCenter Alert rule for the past week. Also, we need counts of that alert by VM name. We can get that with a query and also export the chart to a CSV file. But scheduling that operation on a weekly basis would be really nice.