Quantcast
Channel: VMware Communities : All Content - vRealize Log Insight
Viewing all 1504 articles
Browse latest View live

Create New Fields/objects in VRLI

March 26, 2018, 4:26 am
$
0
0

We have created several jenkins jobs to do various different things to our virtual environment and vrops. We have added some code to the jenkins job to create a log event in vrli so that we can track what job was run, when, by who and what the change was.

 

The question i have is there a way to tag the data into custom fields or is there a way to do that within log insight. What ui want to do is create a dashboard similar to the vcenter reconfiguration.

 

Any pointers or a link to an existing post would be great

 

Sorry if the terminology is wrong.

Search

Log Insight 4.5 Active Directory Integration

April 3, 2018, 12:41 am
$
0
0

Is it possible to use multiple OUs for the users as search base, e. g <ad-user-search-base value="cn=Users,dn=adtest,dn=local", "cn=Admins,dn=adtest,dn=local"/> to search in the OUs Users and Admins?

IIS Logs in LogInsight

June 15, 2016, 7:34 am
$
0
0

I installed the Microsoft - IIS content pack on my Log Insight cluster.  I noticed it requires certain fields to be enabled on the IIS server for the logs.  My question is, for it to work correctly, are these the only fields that "can" be enabled or do I just need to make sure that at least these ones are enabled?  Hope that makes sense.

 

Thanks,

Tim

 

IIS Prerequisites:

IIS content pack uses logs in W3C format, the following fields need to be enabled in IIS logs using IIS Manager:

• date
• time
• s-sitename
• s-ip
• cs-method
• cs-uri-stem
• cs-uri-query
• s-port
• cs-username
• c-ip
• cs (User-Agent)
• sc-status
• sc-substatus
• sc-win32-status

• time-taken



Log Insight Agent autoupdate

March 30, 2017, 3:55 am
$
0
0

Hello,

 

after upgrade from 4.0 to 4.3 version were not upgraded Agents automatically ( auto-update was enabled before upgrade ). Is there possibility how to force Agent upgrade manually from Log Insight server?

 

Thank you for help

Log insight query - return lines with text 'abcdef' plus the line immediately following it

April 17, 2017, 11:11 am
$
0
0

Hi all,

 

Just wondering if anyone has tried anything like this before.  I'd like to find all lines that contain the text 'abcdef' (for example), plus the line that immediately follows that line.  Filtering for 'abcdef' is easy enough of course, but so far I've been having to check the timestamps on all those lines, clear the filter, and then manually find them based on timestamp to see the line that comes next. It's pretty tedious.

 

Would some sort of regex work maybe? I was thinking something like this:

 

abcdef((.*\n){2})

 

To me it seems like that should find the 'abcdef' string plus all characters after it, until it finds two new lines (the one at the end of the 'abcdef' line plus the new line at the end of the next line). Unfortunately, I can't seem to get any results back.

 

Anyone have any thoughts?

 

Thanks!

 

Greg

Query or Alarm for adding reconfiguring VM

April 24, 2017, 5:45 am
$
0
0

Hi,

i have a question about how to create a alarm when a user change, for example, the memory size of a vm.

I could create a alarm when a vm is reconfigured, but i didn´t see exactly what the user does. I think i am doing something wrong the way i try to get that information out of loginsight.

 

Any help is  much appreciated

Frank

Active Directory auth not working

February 1, 2017, 5:45 am
$
0
0

Hi,

Wondering if someone can help? We recently added 2 nodes to our Log Insight 4.0 cluster, going from 3 to 5 nodes, and expanded disks on the initial nodes so they all matched. All nodes show green and connected however we are having problems logging in to the cluster VIP using AD accounts which worked fine before all this. Logging into the individual appliance seems OK, maybe a bit slower. I paused the nodes one by one which moved the VIP around with no change. Presently the Master and VIP roles are on the same appliance. Logging in with local default admin is fine via the VIP.

 

If there is anything I can look into or more info I can provide, let me know?

 

Thanks in advance for any suggestions.

 

Charlie Ferreira

how can VMware-vRealize-Log-Insight collect logs and can understand any ???

May 10, 2017, 4:58 am
$
0
0

Dear all

Hi

 

i want use VMware-vRealize-Log-Insight-4.0.0-4624504 but now i want to know some feature of this appliance

for example:

 

1 - can it exactly show me why my virtual machine has been restarted ?

2 - can it exactly say me when and why my esxi host has been restarted ? i want exactly know why restarted esxi host for exmple that is reason is for cpu problem or memory or .......

 

3 - can it exactly say me when one of my physical network has been disconnected?

 

finally can it exactly collect my logs with different groups ?

 

can you say me what logs can it show me ??

 

BR

Search

How do I use vROps content pack with vR Log Insight for a vROps cluster?

December 8, 2015, 7:18 am
$
0
0

I'm evaluating vRealize Log Insight 3.0 and want my vROps Cluster log via liagent to vRLI. My vROps is a two-node cluster with a master and a data node.

I've read the pdf doc and also seen the good VMware blog: vRealize Operations Manager Content Pack for Log Insight - VMware Blogs

 

I've added the master node as an Agent in vRLI according to the blog (and doc) and it works. But when I add a new agent for the data node (since it's two different modes and hostnames etc, ref. blog post) using the same structure with changed tags I get the following errors when I save a new group (a group of one host using hostname-filter non the less):

 

1: section with 'filelog|ANALYTICS-analytics' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
7: section with 'filelog|COLLECTOR-collector' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
14: section with 'filelog|COLLECTOR-collector_wrapper' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
21: section with 'filelog|COLLECTOR-collector_gc' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
28: section with 'filelog|WEB-web' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
35: section with 'filelog|GEMFIRE-gemfire' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
41: section with 'filelog|VIEW_BRIDGE-view_bridge' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
48: section with 'filelog|VCOPS_BRIDGE-vcops_bridge' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
55: section with 'filelog|SUITEAPI-api' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
62: section with 'filelog|SUITEAPI-suite_api' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
69: section with 'filelog|ADMIN_UI-admin_ui' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
75: section with 'filelog|CALL_STACK-call_stack' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
81: section with 'filelog|TOMCAT_WEBAPP-tomcat_webapp' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
87: section with 'filelog|OTHER-other1' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
94: section with 'filelog|OTHER-other2' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
101: section with 'filelog|OTHER-other3' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
107: section with 'filelog|OTHER-watchdog' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
114: section with 'filelog|ADAPTER-vmwareadapter' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
121: section with 'filelog|ADAPTER-vcopsadapter' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group
128: section with 'filelog|ADAPTER-openapiadapter' name is already defined in 'com.vmware.vrops.vR Ops 6.x - Master' group

 

"vR Ops 6.x - Master" is what I've called my agent group for my vROps Master node (one host group). I've called my data node agent group for "vR Ops 6.x - Data"

Do I just change the filelog description/name after the pipe ('|')? Like 'filelog|ANALYTICS-analytics' becomes 'filelog|ANALYTICS-analytics-data' for instance? Or is it a special name of filelog that's linked with the content pack?

 

vRLI version is 3.0

vROps is v6.1

Log Insight entries from Log Insight are obscuring my queries

May 2, 2017, 6:26 am
$
0
0

Hi

When running a query, I constantly also see entries of the log insight server itself that shows how it is building the query. For example:

 

[2017-05-02 13:24:44.472+0000] [LogSearchWorker.Processor-thread-2647/xx.xx.xx.xx INFO] [com.vmware.loginsight.analytics.distributed.LogSearchWorkerService] [Received query: SELECT COUNT(item0) FROM timestamp >= 1493645084157 AND timestamp <= 1493731485011 AND (text:"performance has deteriorated" OR text:"lost access to volume") as item0 GROUP BY item0.timestamp/3600000 ORDER BY item0.timestamp DESC; token=664093c5610c8d50]

 

I have no need for these entries. How can I disable them?

 

Regards

Gabrie

Horizon VM to Zero Client Link

April 24, 2017, 4:18 pm
$
0
0

Trying to get log insight to grab the C:\ProgramData\VMware\VDM\logs\pcoip_server_2017_04_24_0000111c.txt file so that we can draw a line from a VDI session to a human on the other end of a zero client (we are a school district - kids are abusive on the equipment)

 

There is a handy line in this file that tells me the IP of the zero client (man DNS resolution would be nice) but I can work with this because I have my DHCP logs being absorbed by insight as well.

MGMT_SSIG :Received session INVITE (172.24.132.97, 00-1F-D8-01-1F-C4, PRI: 0)

 

So from here I can get the IP, the VM name and then compare with other logging get the user name.

 

However I have in the agent to grab this with the Horizon Agent template, but not seeing it.

[filelog|PcoipAgentLogs]

directory=C:\ProgramData\VMware\VDM\logs

include=*.txt;*.log

 

What am I missing?

Migrate Loginsight to a new datacenter

May 11, 2017, 5:29 am
$
0
0

I need to migrate a log insight installation to a new datacentre where the machines will receive a new IP address and ideally would inherit the new naming convention. My question is (a) is the rename/re-ip possible and (b) what is the best way to move it? Should I add another cluster node in the new datacenter and then move the primary role?

 

Thanks

James

problem with config log insight

May 11, 2017, 10:49 am
$
0
0

dear all

Hi

 

what does this means in log insight configuration ?

 

what have to write in that ?

 

 

BR

how can add more than one vCenter to log insight

May 16, 2017, 2:44 am
$
0
0

dear all

Hi

 

i have added a vcenter to my log insight but now want add other vcenter to log insight but there is no option for do this i have attached pic from log insight

now how can add other to log insight ??

 

 

BR

LI agents occasionally stop, how to be alerted?

May 16, 2017, 4:50 pm
$
0
0

we have 4.3, wondering how to be alerted when LI agents (especially vRA) stop after X amount of minutes.  The status is displayed within the UI, how to 'setup an alert'?

 

Steve

Search

Query Export does not work

July 25, 2016, 1:43 am
$
0
0

Hi Everbody,

 

I have a problem while trying to export the result of any query (with Log Insight 3.3.2).

After clicking on Export, no matter which format I choose, Export button shows no function, only Cancel works.

I tested that with Firefox and Chrome.

 

Do you have any ideas or suggestions?

 

THX for you help in advance....

 

Regards

Stefan

what does some log insight means

May 17, 2017, 9:59 pm
$
0
0

Dear all

Hi

 

there are some event logs in log insight that could not understand that means can you help me please?

 

1 - 2017-05-18T04:46:35.065Z BAK-ESX5.opr.dsaVpxa: verbose vpxa[225F9B70] [Originator@6876 sub=VpxaHalCnxHostagent opID=WFU-274a8492] [WaitForUpdatesDone] Completed callback

 

2 - 2017-05-18T04:46:35.056Z BAK-ESX5.opr.dsaVpxa: verbose vpxa[2265CB70] [Originator@6876 sub=VpxaHalCnxHostagent opID=WFU-4b7daa96] [WaitForUpdatesDone] Starting next WaitForUpdates() call to hostd

 

3 - 2017-05-18T04:46:34.072Z BAK-ESX5.opr.dsaVpxa: verbose vpxa[225F9B70] [Originator@6876 sub=halservices opID=WFU-3d48bbd9] [VpxaHalServices] VmGuestDiskChange Event for vm(28) 34

 

4- 2017-05-18T04:46:33.992Z BAK-ESX5.opr.dsaRhttpproxy: verbose rhttpproxy[2C496B70] [Originator@6876 sub=Proxy Req 37895] The client closed the stream, not unexpectedly.

 

BR

how to launch an action when raising a log insight alert

May 26, 2017, 1:31 am
$
0
0

Hi,

 

Is there a way to launch an action when an alert is raised in log insight ? Can the alert be send to f.e. orchestrator to execute a shell script on an esx server ?

Or is there any other integration possible to trigger an action ?

 

Thanks

Kristof

Working with PowerShell Transcript Log Files

May 31, 2017, 8:09 am
$
0
0

Hallo,

 

has anyone tried to properly collect PowerShell Transcript Log Files?

Default is that each Line is a New Event, that does no work properly in case of errors and multi Line Messages. I also tried with my own Event marker, but that is not really flexible.

 

Normal Log:

**********************
Windows PowerShell transcript start
Start time: 20170531171206
Username: 
RunAs User: 
Machine: 
Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
Process ID: 7024
**********************
Transcript started, output file is D:\Dev\VmConfigTrigger\Output-05312017-051206.txt
vmConfigTrigger log Number 05312017-051206 Starts
'2' VMs were found in Config File to Process.


Name                                                 RAM CPU
----                                                 --- ---
test                                                     1
aijuPrpMNIOhRotQzSmDUqHBJAkTwGYVKCdxWFfcXegvZEbysnlL 1   1




'1' VMs found with matching Name Pattern 'test'
WARNING: Name 'test' Not Unique Identified in VM 'TESTSCCMDMH2'!
'1' VMs found with matching Name Pattern 'aijuPrpMNIOhRotQzSmDUqHBJAkTwGYVKCdxWFfcXegvZEbysnlL'
  VM 'aijuPrpMNIOhRotQzSmDUqHBJAkTwGYVKCdxWFfcXegvZEbysnlL' Unique Identified!  VM 'aijuPrpMNIOhRotQzSmDUqHBJAkTwGYVKCdxWFfcXegvZEbysnlL': Needs RAM Change. '1' GB RAM.  VM 'aijuPrpMNIOhRotQzSmDUqHBJAkTwGYVKCdxWFfcXegvZEbysnlL': Needs CPU Change. '1' vCPU.  VM 'aijuPrpMNIOhRotQzSmDUqHBJAkTwGYVKCdxWFfcXegvZEbysnlL': Actual vCPU´s. '1'.  VM 'aijuPrpMNIOhRotQzSmDUqHBJAkTwGYVKCdxWFfcXegvZEbysnlL': New vCPU´s. '1'.  VM 'aijuPrpMNIOhRotQzSmDUqHBJAkTwGYVKCdxWFfcXegvZEbysnlL': vCPU´s already fine.
**********************
Windows PowerShell transcript end
End time: 20170531171207
**********************

 

Log With an Error:

**********************
Windows PowerShell transcript start
Start time: 20170531171747
Username: 
RunAs User: 
Machine: 
Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
Process ID: 7024
**********************
Transcript started, output file is D:\Dev\VmConfigTrigger\Output-05312017-051747.txt
vmConfigTrigger log Number 05312017-051747 Starts


PS>TerminatingError(ConvertFrom-Json): "Invalid JSON primitive:     {        "Name": "aijuPrpMNIOhRotQzSmDUqHBJAkTwGYVKCdxWFfcXegvZEbysnlL",        "RAM": "1",        "CPU": "1"    }
]
."
ConvertFrom-Json : Invalid JSON primitive:    {        "Name": "aijuPrpMNIOhRotQzSmDUqHBJAkTwGYVKCdxWFfcXegvZEbysnlL",        "RAM": "1",        "CPU": "1"    }
]
.
At D:\Dev\VmConfigTrigger\VmConfigTrigger.ps1:35 char:77
+     [Array] $Configs = Get-Content -Raw -Path "$PSScriptRoot\Config.json" | Conv ...
+                                                                             ~~~~    + CategoryInfo          : NotSpecified: (:) [ConvertFrom-Json], ArgumentException    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand


D:\Dev\VmConfigTrigger\VmConfigTrigger.ps1 : Failed to Read Config File!
    + CategoryInfo          : InvalidData: (:) [Write-Error], WriteErrorException    + FullyQualifiedErrorId : FailedReadConfigFile,VmConfigTrigger.ps1


D:\Dev\VmConfigTrigger\VmConfigTrigger.ps1 : A Global Error occured, Script will stop! Problem needs to be resolved and then the Script can be restarted,
    + CategoryInfo          : OperationStopped: (:) [Write-Error], WriteErrorException    + FullyQualifiedErrorId : GlobalError,VmConfigTrigger.ps1


**********************
Windows PowerShell transcript end
End time: 20170531171747
**********************

 

Maybe a special Parser or some PS Tricks can do that, or Transcript is a Bad Idea at all... Any help is welcome.

 

Kind Regards,

Markus

what does means OSI 25 in license description

May 16, 2017, 2:58 am
$
0
0

dear all

Hi

 

i have attached a pic from my log insight license decriptions but could not understand what does meand OSI counts = 25 ??????

is that means this can just send syslog for 25 vm ???

 

BR

Viewing all 1504 articles
Browse latest View live
Search