Feature Requests

Math factor - for values

I was working on making a presentation of different values, and it struck me that it was exposing a lot of different values. In one place I got a count, and in another place I had MB, while on the next one there were bytes. In making comparative dashboards there should be the ability to use a math factor for either multiplying or dividing the number you have, so you can alter the exposed value to the desired result set.

Submitted by (@ronny.berntzen)
1 comment

4 votes

User and admin logins on LogInsight web interface

How can I log the logins from the administrator and other users on the LogInsight user interface and dashboards?

Submitted by (@b90gr.it)

2 votes

More advanced query DSL

I want to be able to make more advanced (PIQL?) queries to LI. For example:

1. Apply functions (i.e. regex, arithmetic, logic, type conversion) on one or more existing fields, i.e.

a. sum: fieldA + fieldB

b. fieldA OR fieldB

c. REGEX(fieldA, pattern)

d. CAST('10.2' AS DECIMAL)

e. CAST(SUBSTRING(fieldA, 0,10) AS DATETIME)

2. Create custom fields:

a. DATE() AS today

b. expressionA - expressionB ...

Submitted by (@pbalinov)

3 votes

Add condition to query

We would like to add some conditions on the query. Today we have our monitoring, which is working with codes as "200" to "399". So our probes are switching codes all the time, sometimes with very little time between changes. The aim of this feature request is to provide a way to display events according to some conditions like:

- if my field A is containing "200"

- if in the following 30 minutes, the field A is switching ...

Submitted by (@antoine.ruelle)

2 votes

Enrich log records

We would like to be able to enrich log records with info from external sources (add custom tags for incoming/existing logs based on a query to an external service) like vROPS does.

Use cases:

a. Query GeoIP Web Service for IP’s location

b. Query CMDB via HTTP/LDAP for additional information (e.g. customer name, related services, server role, environment ...)

Submitted by (@maksym.bashkirov)

1 vote

Compare extract fields on same axis.

We need to have a feature where we can compare the extract fields on the same axis. Here is the reason why we need this feature, especially when analysing GC logs. Use case: Say I am using Log Insight to analyse the GC logs. The GC logs will have Initial Heap Size and the Final Heap Size. If we can have a feature where the user can decide the axis to compare the extract fields, this will help us interpret the data better. ...

Submitted by (@kjayantha)

2 votes

Provide SI units for the data parsed from logs

We need to have a feature where we can assign SI units to the numeric values parsed using the logs by writing a filter.

Say I am retrieving logs to parse the time taken or memory consumed in the logs. We should have capabilities to add SI units like sec, minutes, Bytes, KB etc.

Submitted by (@kjayantha)

4 votes

Application Autodiscovery

When Content packs are added post agent deployment on large estates, each agent's configuration requires updating to add the relevant section to the liagent.ini or the liagent-effective.ini. The recommended route is via the UI, but when the estate is large and there are many forwarders, then it becomes quite a task to determine which content packs are relevant to each of the target agents. It would be fantastic (and ...

Submitted by (@pwalker)

4 votes

Compare two timeframes in Interactive Analysis Chart

The ability to add a second Timeframe with the same Search and Filters in the same Chart will be awesome. It can be used to compare Results.

Maybe it can also be used for new Alert Triggers. E.g. differs 50% from last week...

Submitted by (@markus.kraus)

8 votes

Enable parser selection and configuration on server or forwarder

Use case:

1) There is no way to use an agent and logs are not getting properly parsed on the server

2) Agent is installed, but administrator prefers not to risk any additional load on the source system caused by agent-side parsing

Solution: configure parsing (analogue to agent-side parsing) on the server or dedicated forwarder

Submitted by (@tomas.baublys)

2 votes

Where can I see what the current retention is?

LI has the option to notify when there isn't sufficient storage to comply with a certain retention period.

I would like to see somewhere (preferably as part of a dashboard) what the oldest logged event is.

Or as part of the statistics page.

Submitted by (@b.lievers)
4 comments

8 votes

Content Packs

Windows Firewall Advanced Content Pack

Extract more Details from Windows Firewall File-Log

(ContentPack is attached)

- Blocked Connections by Source IP

- Blocked Connections by Destination IP

- Blocked Connections by Source Port

- Blocked Connections by Destination Port

- Blocked Connections by Protocol

- Blocked Connections by Hostname

- Disabled / Enabled Firewall

Submitted by (@markus.kraus)

8 votes