We are trying to forward only specific NSX rules to Splunk: rules that are in specific subnet ranges. I'd like the ability to do a filter on a regex search of vmw_nsx_firewall_dst or any of the other NSX fields.
I was trying to use the gauge control to be an alert overview if I had less than a certain number of DNS servers, ESXi hosts and so on. And I thought having it presented with red color when everything was OK wasn't exactly right. I tried reversing the scale, and that didn't work. Then I tried to adjust the alert values in reverse order, but that didn't work either. Is there any way to use the gauge control in reverse?
It would be great if Log Insight supported the ability to tail / follow logs.
An interactive window where one could type the equivalent of tail -f /var/log/vmupdate.log and get the content of a specific log.
I am not sure if there is similar or the same functionality currently in the platform. Happy to be corrected.
For our "data-protection-officer", we require the possibility to anonymize user data after 7 days, if we would store them longer than 7 days.
Maybe the "Selective log data obfuscation" is the same idea?
How can I log the logins from the administrator and other users on the LogInsight user interface and dashboards?
More and more customers are implementing NFS v4 for more security. As long as Log Insight could centralize sensitive data, it could be a real improvement to be able to archive Log Insight data over a more secure protocol: NFSv4.
In large environments it would be beneficial if it would be possible to send the LI log files (/var/log/loginsight) to another LI environment using the liagent. This should be configured inside of LI in the Admin section so that no access to the OS and config file is required.
This would simplify troubleshooting of LI.
I want to be able to make more advanced (PIQL?) queries to LI. For example:
1. Apply functions (i.e. regex, arithmetic, logic, type conversion) on one or more existing fields, i.e.
   a. sum: fieldA + fieldB
   b. fieldA OR fieldB
   c. REGEX(fieldA, pattern)
   d. CAST('10.2' AS DECIMAL)
   e. CAST(SUBSTRING(fieldA, 0,10) AS DATETIME)
2. Create custom fields:
   a. DATE() AS today
   b. expressionA - expressionB ...
We have some users that want to build dashboards for our entire team to consume but we don't want to give them (or their group) privileges to create arbitrary content. It would be nice if there was a feature that allowed you to promote content created by users to be shared by everyone.
Virtual IP Address – Would like to extend the tagging capabilities to ports. So for example instead of creating a new VIP for a different tagging set… create a new port to listen on for associating the tags. This would allow for a much greater number of unique destinations to tag on (not expecting the agents to use this, rather our syslog infrastructure would leverage the custom ports).
Data Set Filters – Need to expand the available filters to extracted fields or fully support RFC5424 formatted messages and leverage the structured data portion similar to Graylog.