Create a log partition to ingest logs based on a routing filter.

Prerequisites

Verify that you have a premium or a trial subscription for VMware Aria Operations for Logs (SaaS).
  • If you have a trial subscription, you must activate log partitions before using the subscription. To activate partitions, go to Log Management > Log Partitions and click Enable Partitions.
  • If you have a free subscription, you cannot use log partitions.
  • If you have a premium subscription, log partitions are available by default, and you do not have to activate the feature.
For information about subscriptions, see VMware Aria Operations for Logs (SaaS) Subscriptions and Billing.

Procedure

  1. Click the two arrows icon in the upper-left corner of the screen to expand the main menu.
  2. Navigate to Log Management > Log Partitions.
  3. Click New Partition.
  4. Provide the following information:
    Option Description
    Name Enter a unique display name for the log partition.
    Description Enter a description for the log partition.
    Type Select whether you want to create an indexed or a non-indexed partition.
    • An indexed partition stores logs for up to 30 days. Use indexed partitions to store logs that you plan to query regularly. You are billed for the ingested log volume, but not for querying the logs.
    • A non-indexed partition stores logs for up to seven years. Use non-indexed partitions to store logs that you do not plan to query regularly. You are billed for both the ingested log volume and for querying the logs.
    Retention Enter the number of days for which you want to retain logs in the log partition.
    Data Groups

    If you are creating a non-indexed partition, you can group the log data by fields.

    Select the Group Data By check box and select the field by which you want to group the data.

    Grouping log data by the relevant field helps store the logs effectively in sub-folders, and displays quicker results when you query logs from your partition in the Explore Logs page.
    Routing Filter

    Add one or more routing filters to ingest logs corresponding to the filters into your partition. You can also use a favorite query.

    Optionally, click Show Logs to preview the filtered log results and Show Chart to view a graphical representation of the log results.
    Data Forwarding to Indexed Partitions

    If you are creating a non-indexed partition, you can select the Forward Data to Indexed Partitions check box to store the logs in both your partition and in indexed partitions.

    You can select either of the following options:
    • Forward all the logs in your partition.
    • Add one or more filters to forward specific logs in your partition.
    If some or all the forwarded logs match the filters defined in certain indexed partitions, these logs are stored in the relevant partitions, based on the ingestion order. The forwarded logs that are not stored in any indexed partition go to the default indexed partition.
  5. Click Create.

Results

The partition appears in the Log Partitions page, under the relevant section. Logs flowing into VMware Aria Operations for Logs (SaaS) that match your routing filter will be ingested into this partition.

What to do next

You can query and analyze the logs in your partition. For more information, see View and Explore Logs in a Log Partition.