Query lists can get quite large, with dozens or hundreds of items inside. Allow the user to sort the query list by result. E.g. if a query returns "Has Results", show them on top. This makes it easier to focus on the relevant results. In addition, the title bar of a query list shall display the number of queries. Once the user has executed them (green play button), also display the number of queries with "Has Results".
I was working on making a presentation of different values, and it struck me that it was exposing a lot of different values. In one place I got a count, and in another place I had MB, while on the next one there were bytes. In making comparative dashboards there should be the ability to use a math factor for either multiplying or dividing the number you have, so you can alter the exposed value to the desired result set.
We have some users that want to build dashboards for our entire team to consume but we don't want to give them (or their group) privileges to create arbitrary content. It would be nice if there was a feature that allowed you to promote content created by users to be shared by everyone.
It would be really nice to have geographic pinning similar to a lot of firewall tools & SIEM systems, where each outgoing IP address is pinned to a global map to have an overview of where the traffic is going.
Queries can be defined in the Log Insight UI in many places, such as Dashboards or Saved Queries or Alerts or even the Share shorturl. It is difficult to translate these queries to the format necessary for the Query API.
Provide an API to execute a pre-existing UI-authored Query by its persistent name/id.
Could be used when constructing a custom portal or when emailing a dashboard snapshot.
Log Insight's Query API allows the expression of an arbitrary query directly. But Log Insight's UI also allows authorship of queries -- alerts, dashboards, saved queries and even share urls all fundamentally refer to a query Log Insight knows about.
Expose a query API endpoint which performs a query based on the name/id of a specific saved construct, without the API client needing to recreate the underlying query.
We need to have a feature where we can assign SI units to the numeric values parsed using the logs by writing a filter.
Say I am retrieving logs to parse the time taken or memory consumed in the logs. We should have capabilities to add SI units like sec, minutes, Bytes, KB etc.
It would be nice to be able to add a widget that has the power to update other widgets on the same dashboard. The use case would be for widgets that are aggregating data from many hosts, and you want to quickly add a filter to all of them to see the scope narrowed to a single host or tag value. This would be of particular benefit for helping search through log bundles uploaded from the import tool, as user-specified ...
Some content packs can impact the entire LI cluster's performance.
LI should be able to determine based on known best practices if a content pack will potentially be problematic and a warning icon/alert should notify administrators of this situation.