Feature Requests

Let us know what will make Log Insight even better! Add new ideas & vote on other feature ideas to let us know what's important to you.

Change Port Number

I have a scenario where my environment is highly restricted behind a firewall. Due to license restrictions I am very limited to what ports I am allowed to allow through the firewall. I would like to be able to change the port that is used for the ingestion API which appears to be limited to port 9543. It would also be nice to change between TCP and UDP if possible.

Submitted by (@chorning)

Voting

1 vote

Improvement to query lists

Query lists can get quite large with dozens or hundreds of items inside. Allow the user to sort the query list by result. E.g. if a query returns "Has Results" show them on top. This makes it easier to focus on the relevant results. In addition the title bar of a query list shall display the amount of queries. Once the user has executed them (green play button), also display the amount of queries with "Has Results". ...

Submitted by (@v9bvohzrgzdeogn5)

Voting

3 votes

Perform API Queries using Extracted Fields

When using the API to perform a query, we are unable to use extracted fields as constraints when defining the query.

NOTE: Although the query returns extracted fields, it does not accept extracted fields.

Submitted by (@dsaojose)

Voting

4 votes

Problem with Home dashboard after removing content pack

I had a previous request about this, and the response was to just change URL /home to get around it.

Well, in the new version 4.3 I removed a content pack and got the same problem, but now /home returns me to the full URL with the content pack that fails. There must be a way to check if the content pack exists, and if not redirect you to my Dashboard.

Submitted by (@ronny.berntzen)

Voting

1 vote

tag new data by source (hostname) instead of via VIP

Some content packs need their own VIP to tag incoming data so the dashboards of that content pack can filter it. For instance, the NetApp content pack relies on it. This would mean that when you use a broad spectrum of content packs, you need extra VIPs just to tag data specially for those content packs. What if you could tag syslog data based on the source (IP address or hostname)... or by dataset... This would bring ...

Submitted by (@b.lievers)

Voting

7 votes

Raw values

As a Log Insight user and a member of a devops team, I would like to...

* be able to set the aggregation as the "raw value" of an extracted field
* be able to configure the unit of time to any arbitrary length of time

...because...

* I have created a script that generates a log message with an aggregated value
* the aggregated value within the log messages generated by the script can be extracted using the extracted ...

Submitted by (@dsaojose)

Voting

2 votes

Better SSL certificate workflow/UI/UX

The current SSL certificate installation procedure is (IMHO) unnecessarily complex, since 90 % of the work needs to be done manually outside vRLI using weird command line instructions. It's like if the first instruction after buying an IKEA shelf would be "hey, go out and buy some screws and make your own wooden plugs". I think the procedure should be more like in NSX, where the product web UI can be used to create ...

Submitted by (@anders.o)

Voting

3 votes

Use dataset as a filter

For some of our network appliances we had to create a dataset for access control. I'd like to leverage that dataset as a filter for querying. It will be handy when creating alerts for specific groups of objects.

Submitted by (@travis.randolph)

Voting

0 votes

Math factor - for values

I was working on making a presentation of different values, and it struck me that it was exposing a lot of different values. In one place I got a count, and in another place I had MB, while on the next one there were bytes. In making comparative dashboards there should be the ability to use a math factor for either multiplying or dividing the number you have, so you can alter the exposed value to the desired result set.

Submitted by (@ronny.berntzen)

Voting

4 votes

Importer should support extracting bz2

The importer today does not support uncompressing bz2 -- it should, especially given that VMware support bundles use bz2.

Submitted by (@steveflanders)

Voting

3 votes

LI Agent to collect Microsoft Event Viewer in XML format

Microsoft (until recently) has not natively supported syslog. Event viewer's native format is XML. While the LI agent can collect event viewer logs, it formats them in a proprietary way. It would be ideal to collect in a standard format so when forwarding such events to a third party syslog destination (e.g. SIEM) the third party could properly parse it (without a custom parser). XML is that standard for Microsoft. ...

Submitted by (@steveflanders)

Voting

1 vote

Event Forwarding filtered by Content Pack extracted fields

We are trying to only forward specific NSX rules to Splunk. Rules that are in specific subnet ranges. I'd like the ability to do a filter on a regex search of vmw_nsx_firewall_dst or any of the other NSX fields.

Submitted by (@travis.randolph)

Story:

Content packs contain Extracted Field definitions. These are source-specific parser rules which interpret the content of a log message and generate new key=value fields.

* Want to use such fields to control Event Forwarding, such as forwarding all logs of a given type.

* Expect a performance penalty higher than source-provided static fields or vip-tagging.

* Expect fields to short-circuit evaluation based on Additional Context, possibly requiring static string comparison to avoid regex overhead.

Voting

2 votes