Hi There,
If you use the internal vCenter supplied with VXRail, you get a Log Insight License, and it shows up in the web GUI as a 'Permanent CPU (Full) license'.
Does this mean that there are no OSI limitations and are there any limitations at all? IE - Can we configure as many external devices as we like to send syslog info to the log insight node?
Thanks in advance
Hi Experts,
Can anyone know what language we use for filtering logs in logInSight? so that I will work on that language for better understanding syntax
Thank you,
Volga.
I'm trying to monitor Kubernetes by Log Insight but I'm not able to achieve it. Please suggest if anyone has tried this.
Recently I was having a conversation with a colleague about the scratch location an ESXi host. The question that we were unclear on though, was whether or not - when an ESXi host is registered with Log Insight, is the scratch location now Log Insight? I've noticed that the scratch location isn't changed in vCenter (still /tmp/scratch because this is an SD install), but is that log data being sent to Log Insight?
The log persistence alarm goes away, which is why we ended up having this conversation . TIA!
Hi,
is there any possibility to add some kind of baseline to a chart?
I have a dashboard of events, but I am only interested if the number of events is above a certain number. It also would make the scale better.
fwiw: i searched through KB and this community and olny fount one idea posted some years ago which goes in the same direction:
Hi,
i know, second post in a row, but still differnet topic:
Is it possible or was it ever discussed to have some kind of auto refresh in IA?
When adding a query/chart to a dashboard it is possible to activate auto refresh, but as soon as you leave the dashboard this feature is gone. It would be really nice to have something like this to be able to watch values and logs change in IA.
Has anyone been successful in getting the liagent installed and working on a 6.7U2 VCSA? I got the RPM installed, verified the LI VIP IP in the hostname field of the liagent.ini file; and, set the LI server's IP to allow in the VCSA's VAMI Firewall settings-- but I'm not getting it to show up in LogInsight under the Agents section (and therefore not able to apply an agent config).
Running 4.8 Log Insight.
Any ideas?
Thanks,
I noticed several hosts for whatever reason the vmkernel and vmkwarning logs stop logging. How would I setup an alert in VRLI keying on these specific logs.
thanks
I have a VRLI 4.8.1 cluster that I need to decommission. I would like to export all logs to an NFS share (blob format is perfect). Is there any way to force the export of all logs to the NFS share?
I would like to avoid manually SCPing them off the cluster and putting them into the appropriate folders.
Hello
How i can convert(create aliases) datastore ID(naa.) to human name of my Datastores in dashboards, alarms or interactive analytics?
In release notes to LogInsight 4 have a record:
"Support for Datastore Device ID-to-name aliasing in event queries and results"
How (where?) i can use it?
I am using LogInsight ver. 4.6.
We've just updated VRLI in our lab environment from v4.8 to v8.0 but encountered a couple of issues along the way. Am documenting them here for the benefit of others and any input from VMware.
Failure to migrate network adapter gateway configuration
The gateway for the network adapter wasn't correctly migrated during the conversion to Photon OS. This resulted in the upgrade appearing to hang as the appliance was unable to communicate with any system outside of its IP subnet. The issue is alluded to in the Release Notes but they're somewhat vague and lack instructions on how to check if you're affected and any workaround steps:
The issue is caused by the /etc/sysconfig/network/ifcfg-eth0 file "missing" a GATEWAY='w.x.y.z.' statement. I say "missing" as this doesn't appear to be where SLES typically saves static routes. Those are contained in the /etc/sysconfig/network/routes file, which is what the upgrade process should presumably be looking at. In our case it contained a single line specifying the default route.
As a workaround, you can SSH to the box and add the line the upgrade scripts are expecting before performing the upgrade.
Regression in handling of STARTTLS for SMTP
After upgrading we had to modify the SMTP configuration to not use STARTTLS. This was working fine previously but now sending a test email with STARTTLS enabled fails with the error:
The issue appears to be something in the Java configuration of VRLI. In our configuration we're sending to Office 365 via "Direct Send". Keen to get any input from VMware on this one.
As a workaround you can disable STARTTLS, however, you may wish to do so before starting the upgrade so you don't potentially lose any emails before you can apply the workaround post-upgrade.
Hello Community,
i'm pretty new to the vRealize Log Insight. But one of my first tasks is to upgrade our instances. So i informed myself about upgrade paths and so on , everything is fine regarding that.
I started my Upgrade via -> Administration -> Cluster -> Upgrade Cluster -> VMware-vRealize-Log-Insight-4.7.1-10752772.pak -> Accept terms.
But as soon as i did that, an error occured simply stating " An upgrade Error occured " i tried to redo it, but now i always get the error :
"Upgrade to 4.7.1-10752772 already in progress"
I attached a screenshot of the message. So i really don't know what i can do about it, since there is no Status about an upgrade being implemented.
Anyone got any suggestions for me?
Thanks in advance!
Moritz
hello
i have log insight 8 connet to vcenter 6.0 and 6.7 and correct capture vcenter events.
but
but not all vcenter events are captured
example:
if I create a folder inside the vcenter, this event appears in the vcenter events: example create vm folder.
but log insight not capture this event.
if I a query to log insigh I don't even find the name of the folder created on vcenter.
how can I configure the loginsight8 to really capture all the vcenter logs?
thanks
Hello Experts,
In our environment, vRLI nodes is at 97% disk utilization.I was going through VMWare documentation (https://docs.vmware.com/en/vRealize-Log-Insight/4.7/com.vmware.log-insight.administration.doc/GUID-C1E3BC21-4156-46B6-B4BB-0D396BC934C6.html ) which states that “vRealize Log Insight never runs out of disk because every minute it checks if the free space is less than 3 percent. If the free space on the vRealize Log Insight virtual appliance drops below 3 percent, old data buckets are retired”. But associated risk is “if the disk is small and log ingestion rate is so high that the free space (3 percent) is filled out within 1 minute, vRealize Log Insight runs out of disk.”
Based on this scenario, I have two following queries
1) Is it possible to tweak some settings within vRLI to ensure, it checks if free space is less than 10 percent instead of 3 percent(default feature)
2) How can I generate list of all appliance/nodes sending alerts/logs to vRLI.
Thank You!!
Rahul Kumar
Just wondering if anyone has built a PAK with some handy dashboard for Microsoft Office 365 and/or Azure AD security logs?
While we don't use log insight as our SIEM tool, its becoming more import to correlate Office365 events with the rest of our infrastructure.
in a 3 node cluster, 1 master, 2 workers. If maintenance needs to be done to the master, any kind of maintenance, is there a way to transfer the master role to another worker and then remove the ex-master node?
So we have been playing with our deployment, and getting a feel for it.
It seems like there is a lot of noise present. We've been successfully using event_type filters to remove some of this. Is this a standard practice, or are there some other tricks?
When we are filtering things out, are we going to impact any other stock performance monitors inside vRealize Ops Manager?
Topic Name : Upgrading vRealize Log Insight
Publication Name : Administering vRealize Log Insight
Product/Version : vRealize Log Insight/8.0
Question :
Please ignore - only for testing
I see loginsight will literally ingest anything from any ip as long as its sent to it.
How can I prevent this happening, and only allow ingestion from a selected list of machines/ip addresses?
Would I have to somehow edit the firewall on the appliance manually?
Thanks
Hi All,
I'm looking to pull the Storage VMotion or Storage DRS logs from VMware log insight to audit what cuased the storage exhausted.
Any pointers will be much appreciated.
Thanks
vmk