Content Packs

Super Pack for non-log data from Active Directory

Upon request from our security people, I have made a PowerShell module that collects non-log data from AD and pushes it as logs to the Log Insight server. This way they can have a dashboard of data that is either not accessible from logs, or where log retrieval would mean a massive search over all data available, and thus very slow searches. I have built this in this way: 1. PowerShell scripts running as scheduled jobs ...more »

Submitted by (@ronny.berntzen)
2 comments

3 votes

Content Packs

HP OA content pack

Hi

Had an issue - created a content pack 🙂

So here it is, the HP OA content pack. All that is required is to set HP OA to send syslog to Log Insight.

It has three dashboards - Overview, Changes and Authentication.

Overview gives you quick insight into changes and problems in your environment.

Changes - all about changes made by humans

Authentication - shows login attempts and failures

Submitted by (@michaelryom)
5 comments

3 votes

Feature Requests

Dashboard thresholds and limits

I would like two features for the dashboards. 1. A line denoting a configured threshold. 2. The ability to set a "top ten" limit on a dashboard instead of displaying all of the similar events.

Submitted by (@jbronson)
1 vote

General Log Insight Q&A

Bug - Content pack loading after uninstall

Hi

After uninstalling a content pack, Log Insight still tries to access the last used content pack, which in this case has been uninstalled. This results in Log Insight loading "forever" - at least I did not see it time out.

Workaround: close all browsers and log in again.

Submitted by (@michaelryom)
1 comment

4 votes

Feature Requests

Should be able to delete content from Content Packs section

When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.

Submitted by (@mfriedri)
5 votes

Feature Requests

Additional time ranges

Currently there are only a few time ranges possible: 5 minutes, 1h, 1d, 2d and custom. With custom it is only possible to define a fixed range. It would be nice to have a greater range of options. I love how Graylog is managing that. You can, for instance, define "Since Midnight" and then get all messages... well, you guessed it... since midnight. Or "Last Week", Today, Last Month ... you get it. For starting it would be ...more »

Submitted by (@rockaut)
1 comment

2 votes

Feature Requests

Improvement to query lists

Query lists can get quite large, with dozens or hundreds of items inside. Allow the user to sort the query list by result. E.g. if a query returns "Has Results", show it on top. This makes it easier to focus on the relevant results. In addition, the title bar of a query list should display the number of queries. Once the user has executed them (green play button), also display the number of queries with "Has Results". ...more »

Submitted by (@v9bvohzrgzdeogn5)
2 comments

3 votes

Feature Requests

Math factor - for values

I was working on making a presentation of different values, and it struck me that it was exposing a lot of different values. In one place I got a count, in another place I had MB, while on the next one there were bytes. In making comparative dashboards there should be the ability to use a math factor for either multiplying or dividing the number you have, so you can alter the exposed value to the desired result set.

Submitted by (@ronny.berntzen)
1 comment

4 votes

Content Packs

VMware vSphere - More FDM (HA) details

Hello,

Most HA information is at the moment focused on VM HA events. But the FDM log analysis for all the host states is also very interesting.

I created some examples for the enhancement.

Submitted by (@markus.kraus)
3 votes

Feature Requests

Promoting user content

We have some users that want to build dashboards for our entire team to consume but we don't want to give them (or their group) privileges to create arbitrary content. It would be nice if there was a feature that allowed you to promote content created by users to be shared by everyone.

Submitted by (@mfriedri)
6 votes

Content Packs

Geomap for NSX Firewall Dashboard

It would be really nice to have geographic pinning similar to a lot of firewall tools and SIEM systems, where each outgoing IP address is pinned to a global map to have an overview of where the traffic is going.

Submitted by (@jtsai.cp)
1 vote

Feature Requests

Execute persisted query via API

Queries can be defined in the Log Insight UI in many places, such as Dashboards, Saved Queries, Alerts or even the Share short URL. It is difficult to translate these queries to the format necessary for the Query API.

Provide an API to execute a pre-existing UI-authored query by its persistent name/id.

Submitted by (@acastonguayvmware.com1)
3 votes