When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.
Currently Log Insight only allows for alerts to be triggered based on batch process times. Lowest being every minute.
I have a customer that would like alerts to be triggered when a match comes in immediately. Their use case is for monitoring 1,000's of Cisco Switch Stacks for physical sites. When a switch dies or power supply dies they would like an instant alert.
Several customers can not view HTML emails on PCs or mobile phones for security reasons.
They request a text format email option.
Log bundles provided to vmware sometimes do not have the info needed to troubleshoot an issue because the logs of interest are no longer present. We need to wait for the next occurrence of the issue and then generate a new log bundle immediately. If this happens outside office hours the necessary logs can be missed again. It should be possible for an alert to trigger an action such as generate log bundle (or run a script). ...more »
Outbound User-Alert notifications (email, webhooks, vrops) contain links back to the Log Insight Cluster. If there is more than one VIP present, the links refer to the cluster by the first (sorted by IP) FQDN. This may not be the preferred identity for user interaction.
Enhancement: Provide an administrative override to specify an arbitrary FQDN for generating self-referential links, as used in alert notifications.
That would be great to be able to configure the default VIP under cluster/ILB configuration tab.
I`m not aware of such feature if I`m wrong please correct me. It would be very very useful to be able to use fields in alert definition and fields to be populated based on their actual value when the alert triggers. We are sending alerts to vROPS. Let`s take an example: I want to monitor when a vRO Workflow fails but I need to create an alert for each Workflow that runs into infrastructure in order to actual give some ...more »
Sometimes Email Alerts should not only be on user level.
E.g. Alerts for a Ticket System
All Users with a specific security role should be able to create and modify them.
E.g. the Alers "*** CRITICAL *** vRA license has expired!" only searches for License Expired in all log swithout any containment of application or something like that.
This results a lot of false positive!
Today the webhooks alerting option sends an unauthenticated web POST to a URL. Enabling an authenticated post would open up the possibility to integrate directly with vRealize Orchestration (vRO), which can accept only authenticated posts.
Many applications log some sort of heartbeat data, or are otherwise expectedly chatty. It would be nice to be able to alert on a query returning less than an expected result over time. If a host or other device suddenly goes silent, having the ability to be notified about it would be very useful.
At the moment WebHooks are very Static regarding output format.
That is a problem if you have a monitoring Solution that is also very static by receiving WebHooks:
PRTG Only excepts this syntax
https://fqnd:5050/loginsight?content=XML String with fixed Syntax
Is there a way to integrate a WebHook Syntax Builder?