Feature Requests

Add conf.d style configuration to liagent's config

I'm deploying systems under ansible and each has different log directories to be pushed. And I might layer different services. Similar to see /etc/rsyslog.conf and rsyslog.d, I'd like to be able to add additional configurations by just simply dropping files into a liagent.d/ directory (the path of which would be defined in the main liagent.ini) This would allow me to drop say a liagent.d/httpd.ini to grab http logs ...more »

Submitted by (@rrauenza)
2 comments

Voting

3 votes

Feature Requests

Searching from UTC time

In the UI please allow searching based on UTC time as well as client local time. Some teams work better using pure UTC time as it help to coordinate events between systems. Currently you need to do a time translation to get the correct time.

Submitted by (@ppeterson)
Add your comment

Voting

2 votes

General Log Insight Q&A

STRUCTURED-DATA for non-agent messages

Ahoj there, i'm sending in messages directly to vRLI server over udp:514. They should be perfectly RFC compatible as it works on another syslog server (non vRLI server 😉 ). Question: i can't get vRLI to format/extract the structured data automatically. I found some docs regarding syslog structured-data extraction for agent but nothing for non-agent messages. Isn't this implemented? As an example: 2017-08-28T09:28:55.509334+02:00 ...more »

Submitted by (@rockaut)
4 comments

Voting

1 vote

Feature Requests

Dashboard thresholds and limits

I would like two features for the dashboards. 1. A line denoting a configured threshold. 2. The ability to set a "top ten" limit on a dashboard instead of displaying all of the similar events.

Submitted by (@jbronson)
Add your comment

Voting

1 vote

General Log Insight Q&A

Bug - Content pack loading after uninstall

Hi

 

After uninstalling a content pack. Log Insight still tries to access the last used content pack, which in this case has been uninstalled. This results in Log Insight loading "forever" - Atleast i did not see it timeout.

 

Workaround close all browsers and log in again.

Submitted by (@michaelryom)
1 comment

Voting

4 votes

Content Packs

Veeam B&R Content Pack Agent configuration incomplete

Veeam has issued a content pack for their popular product Veeam Backup & Replication with several dashboards and field extractions.

Still, Agent has no configuration and does not collect Veeam events.

 

Simple as it is, it could be useful to have Agent configuration ready here:

 

[winlog|Veeam_Backup]

channel=Veeam Backup

 

Yes, that's it :)

 

Should I really attach it as a separate content pack here?

Submitted by (@o.karimov)
4 comments

Voting

1 vote

Administration of Log Insight

Forwarding windows events (UDP/TCP) always includes tags

I am forwarding windows events collected by LI agent from Log Insight to Splunk using syslog protocol. , The box "Forward complementary tags" is not checked, but it seems to be always on. On the receiver side I see following additional stuff in the event: - - - [Originator@6876 eventid="326" task="General" keywords="Classic" level="Information" channel="Application" eventrecordid="2018" providername="ESENT"] Complementary ...more »

Submitted by (@tomas.baublys)
Add your comment

Voting

1 vote

Feature Requests

NSX CP - Edge Firewall action Field does not work

The Extracted Field in NCX CP Version 3.6 does not work with NSX 6.3.1. I have not tested other Versions of NSX or CP.

Submitted by (@markus.kraus)
Add your comment

Voting

1 vote

Feature Requests

Log Insights Alerting Add Fields

We use Log Insights to alert for Windows Event Log entries. It would be very helpful if we could select additional fields from the entries to include in the alerting.

Submitted by (@zentrout)
3 comments

Voting

5 votes

Feature Requests

vRO plug-in for Log Insight

It would be extremely helpful to have a vRO plug-in for vRLI that contains prebuilt workflows for common scenarios using the API.

Submitted by (@chipzoller)
2 comments

Voting

3 votes

Feature Requests

User Alerts Should Be Able to Be Added to Shared Content

In the Content Packs section for Log Insight, if you look at the Shared Content, there is a tab for Alerts, but you can't build any shared alerts. It would be really useful to be able to make user level alerts shared with everyone.

Submitted by (@mfriedri)
Add your comment

Voting

3 votes

Feature Requests

Should be able to delete content from Content Packs section

When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.

Submitted by (@mfriedri)
Add your comment

Voting

5 votes