We have a four node cluster running vSphere 6.0 U3a.
We are setting up a test and dev system for developing a datacenter.
The datacenter will need to log traffic and alerts from different sources (taps, Bro, etc.) and produce alerts to an operator if something is found in the logged data that seems to be amiss.
The question came up whether Splunk could be used to ingest the logs and data, and then Splunk dashboards could be used to display anomalies and alerts.
I hear Splunk can be expensive and that dashboards can be somewhat difficult to develop?
vRealize Log Insight is a tool that can be used to alert a user to what is going on in a vSphere environment (RAM spikes, disk usage, etc.).
But can vRealize Log Insight be used to ingest the different types of data I describe above?
Is anyone doing anything similar, that is, ingesting logs and data from other sources (syslog, taps, pcap, etc.) and using vRealize Log Insight to display anomalies and alerts?
Thanks