VMware Aria Operations for Logs (SaaS) (formerly known as VMware Log Intelligence) provides visibility across public and private cloud environments including AWS. VMware Aria Operations for Logs (SaaS) features robust log aggregation and sophisticated analytics that enable you to determine root causes for an issue quickly and thoroughly.
What to read next
Sending Data Set up your log collection with VMware Aria Operations for Logs (SaaS) and learn about the steps for log flows from multiple sources, with recommendations for collections of specific log types.
Explore and Modify the Home Page On the Home page, you can search for log events and view widgets that contain information about log trends, event types, alerts, and so on. If you are an administrator, you can also decide which widgets must appear on the Home page for the members of your region or organization.
Searching for Logs You can search for and filter log events on the Explore Logs page by using queries. You can use fields in your search criteria for efficient log monitoring and view logs in real time. You can also save queries, clone queries and modify them, compare query results from multiple systems, share queries and their results with other users, and pin queries to the pinboard.
Extracting Metrics from Logs Application logs contain important information about processes and operations in metrics. You can use these metrics to observe or troubleshoot applications for failures and to monitor their performance based on parameters at various levels of granularity in a data center. In VMware Aria Operations for Logs (SaaS) , you can extract the metrics from logs, tag them according your requirement, and post them to a metric store.
Explore Logs in Real Time Use live tail to view logs as they come into VMware Aria Operations for Logs (SaaS) .
Creating and Managing Dashboards Dashboards present a visual overview of the state of events in VMware Aria Operations for Logs (SaaS) . A dashboard is a collection of widgets, in which each widget is associated with alerts or a query.
Scheduling and Managing Reports Reports are an easy way to retrieve, view, and share the data in your dashboard. A dashboard is a collection of widgets, in which each widget is associated with alerts or a query. You can schedule reports to run daily, weekly, or monthly and email them to the specified users in and outside your organization.
Configuring Log Sources Log sources such as agents, applications, and application development platforms generate logs. Installing log sources lets VMware Aria Operations for Logs (SaaS) ingest and analyze logs from these sources.
Defining Alerts and Notifications VMware Aria Operations for Logs (SaaS) provides built-in system alerts for critical issues. You can also configure alerts based on queries that run at scheduled intervals or on every log ingested. You can view the recent alerts in the system and send email and webhook notifications for alerts.
Working with Content Packs Content packs contain dashboards, extracted fields, saved queries, and alerts that are related to a specific product or set of logs. You can enable or deactivate a content pack, export or import a content pack, and remove a content pack.
Forwarding, Retaining, and Archiving Logs You can forward incoming events to VMware Aria Operations for Logs , Splunk, or another destination. You can retain certain logs for a lesser number of days than the default retention period. If you want to retain logs for a longer period, you can archive the logs and download them to an Amazon S3 bucket.
Processing Logs You can configure log processing rules for tagging, filtering, and masking the logs that are ingested by VMware Aria Operations for Logs (SaaS) . For example, you can tag logs that contain a sent notification by using additional metadata such as sent-notification: true
, drop logs that are of no use by filtering them, or mask entire logs or fields such as password within logs.
Log Partitions Log partitions store logs based on the routing filter that you configure for each partition in the Log Partitions page. You can query and analyze logs from specific partitions on the Explore Logs page.
Upload Log Files When you start using VMware Aria Operations for Logs (SaaS) and you do not have any logs to analyze, you can upload log files from your local system to the default partition. You can also upload log files to examine logs from various third-party sources.
Securing Logs with API Keys VMware Aria Operations for Logs (SaaS) uses API keys to ensure the security of logs ingested by the VMware Aria Operations for Logs (SaaS) cloud proxy server.
Viewing Usage Reports Usage reports show how VMware Aria Operations for Logs (SaaS) is used across the organization - the volume of log data ingested and stored, log statistics, recent queries, and active users. Usage reports also allow us to configure daily and monthly log ingestion limits.
Usage Limitations for Features Usage limits are applied on feature configurations that you can create or activate in VMware Aria Operations for Logs (SaaS) .
Working with VMware Aria Operations for Logs Agents A VMware Aria Operations for Logs Agent collects events from log files and forwards them to a VMware Aria Operations for Logs (SaaS) server or any third-party syslog destination.
Integrating VMware Aria Operations for Logs (SaaS) with VMware Products and Services VMware Aria Operations for Logs (SaaS) can integrate with other VMware products and services to use events and log data, and to provide better visibility into events that occur in a virtual environment.
Prerequisites for Migrating from VMware Aria Operations for Logs to VMware Aria Operations for Logs (SaaS) You can migrate from VMware Aria Operations for Logs to VMware Aria Operations for Logs (SaaS) by using the Cloud Connect. Ensure that you meet the following requirements before you start the migration process.
Migrating Logs to a New Region VMware Cloud on AWS SDDCs can forward VMware Aria Operations for Logs (SaaS) logs to Asia-Pacific (Sydney), Canada, Europe (Frankfurt) region, and US West (Oregon) region. Once applied, this configuration becomes an organization-level change and all the SDDC logs point to the new region. You can select only one VMware Aria Operations for Logs (SaaS) region for an organization. To enable this feature, open a service request or contact customer support.
The VMware Aria Operations for Logs (SaaS) API The REST API provides programmatic access to the VMware Aria Operations for Logs (SaaS) data.
VMware Aria Operations for Logs (SaaS) in Multiple Availability Zones The VMware Aria Operations for Logs (SaaS) service in a region is now deployed across multiple availability zones (AZs), which helps the service handle AZ failures.