In the Content Packs section for Log Insight, if you look at the Shared Content, there is a tab for Alerts, but you can't build any shared alerts. It would be really useful to be able to make user level alerts shared with everyone.
When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.
It would be very useful to be able to define host groups whether the client is an agent or a syslog devices to be used in queries or to even tag events which are from these groups. It's an overhead having to create forwarding rules to tag logs on forwarders as we don't give dashboard users access to forwarders it would be much simpler to allow them to create a group of hostnames and allow that group to be used in queries. ...more »
Things have improved over time and I have noted the previous feature request (http://loginsight.vmware.com/a/idea-v2/8395) however it is very difficult to manage the status of the endpoints for both agents and syslog hosts. This is important both from an operational and security point of view. Some features which would help a great deal are:- - Ability to purge the "host" page - Add last active (or last received ...more »
The current SSL certificate installation procedure is (IMHO) unnecessarily complex, since 90 % of the work needs to be done manually outside vRLI using weird command line instructions. It's like if the first instruction after buying an IKEA shelf would be "hey, go out and buy some screws and make your own wooden plugs". I think the procedure should be more like in NSX, where the product web UI can be used to create ...more »
How can I log the logins from the administrator and other users on the LogInsight user interface and dashboards?
We have some users that want to build dashboards for our entire team to consume but we don't want to give them (or their group) privileges to create arbitrary content. It would be nice if there was a feature that allowed you to promote content created by users to be shared by everyone.
It would be great if the system monitor could be extended with a tab which shows all cluster nodes (CPU, Memory Swap etc) so that it will be possible to see the status of the complete cluster on one single page.
We, like many other enterprise users have many distributed vRLI Servers around the world that effectively serve as forwarders to a master cluster. It would be ideal if these servers inherited the agent configuration from the master cluster so all sub-servers do not need configured with agent groups. This will prevent configuration drift of the multiple servers acting as forwarders. There should however, be the ability ...more »
would be great if we could use the same filters as in "interactive analytics" for "new data set". At the moment there are just a few fields available. For example we would like to create a data set for some users so that they can only see events where "text"-field matches a regex query or certain words or e.g. the "event_type" field is a certain type. Custom extracted fields are also not available for data set filters. ...more »
New EU laws forces companies to limit user log data to 1 year.
So It would be good that Archiving features could be limited by time.
As of today, in order to manage Agent configuration the user needs to have "Super Admin" role which has very wide scope including the ability to manage access control.
We should be able to delegate Agent Configuration to some "power users" without giving them the ability to alter Access Control.
An "Agent Admin" role would great in that objective.