I have a scenario where my environment is highly restricted behind a firewall. Due to license restrictions I am very limited to what ports I am allowed to allow through the firewall. I would like to be able to change the port that is used for the ingestion API which appears to be limited to port 9543. It would also be nice to change between TCP and UDP if possible.
Let us know what will make Log Insight even better! Add new ideas & vote on other feature ideas to let us know what's important to you.
Query lists can get quite large with dozens or hundreds of items inside. Allow the user to sort the query list by result. E.g. if a query returns "Has Results" show them on top. This makes it easier to focus on the relevant results. In addition the title bar of a query list shall display the amount of queries. Once the user has executed them (green play button), also display the amount of queries with "Has Results". ...more »
When using the API to perform a query, we are unable to use extracted fields are constraints when defining the query.
NOTE: Although the query returns extracted fields, it does not accept extracted fields.
I had a previous request about this, and the response was to just change URL /home to get around it.
Well in the New Version 4.3 i removed a content pack, and got same problem, but now /home Returns me to the full url With the content pack that fails. There must be a way to check if the content pack exists, and if not redirect you to my Dashboard.
Some Content packs needs an own VIP to tag incomming data so the dashboards of that content pack can filter it. For instance the NetApp content packs relies on it. This would mean that when you use a broad spectrum of content packs, you need extra VIP's just to tag data special for those content packs. What if you could tag syslog data based on the source. (IP address or hostname).... or by dataset.... This would bring ...more »
As a Log Insight user and a member of a devops team, I would like to... * be able to set the aggregation as the "raw value" of an extracted field * be able to configure the unit of time to any arbitrary length of time ...because... * I have created a script that generates a log message with an aggregated value * the aggregated value within the log messages generated by the script can be extracted using the extracted ...more »
The current SSL certificate installation procedure is (IMHO) unnecessarily complex, since 90 % of the work needs to be done manually outside vRLI using weird command line instructions. It's like if the first instruction after buying an IKEA shelf would be "hey, go out and buy some screws and make your own wooden plugs". I think the procedure should be more like in NSX, where the product web UI can be used to create ...more »
For some of our network appliances we had to create a dataset for access control. I'd like to leverage that dataset as a filter for querying. It will be handy when creating alerts for specific groups of objects.
I was working on making a presentation of different values, and it struck me that it was exposing a lot of different values. One Place i got a Count, and another Place i had MB while on the NeXT one there was bytes. In making comparative Dashboards there should be the ability to use a Math factor for either multiplying or dividing the number you have, so you can alter the exposed value to the desired resultset.
The importer today does not support uncompressing bz2 -- it should especially given that VMware support bundles use bz2.
Microsoft (until recently) has not natively supported syslog. Event viewer's native format is XML. While the LI agent can collect event viewer logs, it formats them in a proprietary way. It would be ideal to collect in a standard format so when forwarding such events to a third party syslog destination (e.g. SIEM) the third party could properly parse it (without a custom parser). XML is that standard for Microsoft. ...more »
We are trying to only forward specific NSX rules to Splunk. Rules that are in specific subnet ranges. I'd like the ability to do a filter on a regex search of vmw_nsx_firewall_dst or any of the other NSX fields.