vRealize Log Insight Cloud (formerly known as VMware Log Intelligence) provides visibility across public and private cloud environments including AWS. vRealize Log Insight Cloud features robust log aggregation and sophisticated analytics that enable you to determine root causes for an issue quickly and thoroughly.
Sending Data Set up your log collection with vRealize Log Insight Cloud and learn about the steps for log flows from multiple sources, with recommendations for collections of specific log types.
Explore and Modify the Home Page You can search for log events in the Home page. You can also view widgets that contain information about log trends, event types, alerts, and so on. As an administrator, you can decide which widgets are displayed for the members of your organization.
Searching for Logs You can search for and filter log events in the Explore Logs page by using queries. You can use fields in your search criteria for efficient log monitoring and view logs in real time. You can also save queries, clone queries and modify them, compare query results from multiple systems, share queries and their results with other users, and pin queries to the pinboard.
Extracting Metrics from Logs Application logs contain important information about processes and operations in metrics. You can use these metrics to observe or troubleshoot applications for failures and to monitor their performance based on parameters at various levels of granularity in a data center. In vRealize Log Insight Cloud, you can extract the metrics from logs, tag them according your requirement, and post them to a metric store.
Explore Logs in Real Time Use live tail to view logs as they come into vRealize Log Insight Cloud.
Log Analytics vRealize Log Insight Cloud uses machine learning to perform a Root Cause Analysis (RCA) on your logs. RCA helps you investigate and troubleshoot incidents for a potential root cause in an environment. Additionally, vRealize Log Insight Cloud uses a combination of a set of processes and machine learning methods to provide insights into logs with errors and exceptions, and suggests solutions for these problems.
Working with Dashboards Dashboards present a visual overview of the state of events in vRealize Log Insight Cloud. A dashboard is a collection of widgets, in which each widget is associated with alerts or a query.
Configuring Log Sources Log sources such as agents, applications, and application development platforms generate logs. Installing log sources lets vRealize Log Insight Cloud ingest and analyze logs from these sources.
Alerts and Notifications vRealize Log Insight Cloud provides built-in system alerts for critical issues. You can also configure alerts based on queries that run at scheduled intervals or on every log ingested. You can view the recent alerts in the system and send email and webhook notifications for alerts.
Working with Content Packs Content packs contain dashboards, extracted fields, saved queries, and alerts that are related to a specific product or set of logs. You can enable or deactivate a content pack, export or import a content pack, and remove a content pack.
Forwarding, Retaining, and Archiving Logs You can forward incoming events to vRealize Log Insight, Splunk, or another destination. You can retain certain logs for a lesser number of days than the default retention period. If you want to retain logs for a longer period, you can archive the logs and download them to an Amazon S3 bucket.
Processing Logs You can configure log processing rules for tagging, filtering, and masking the logs that are ingested by vRealize Log Insight Cloud. For example, you can tag logs that contain a sent notification by using additional metadata such as
sent-notification: true, drop logs that are of no use by filtering them, or mask entire logs or fields such as
password within logs.
Log Partitions Log partitions store logs based on the routing filter that you configure for each partition in the Log Partitions page. You can query and analyze logs from specific partitions in the Explore Logs page.
Upload Log Files When you start using vRealize Log Insight Cloud and you do not have any logs to analyze, you can upload log files from your local system to the default partition. You can also upload log files to examine logs from various third-party sources.
Securing Logs with API Keys vRealize Log Insight Cloud uses API keys to ensure the security of logs ingested by the vRealize Log Insight Cloud cloud proxy server.
Viewing Usage Reports Usage reports show how vRealize Log Insight Cloud is used across the organization - the volume of log data ingested and stored, log statistics, recent queries, and active users.
Working with vRealize Log Insight Agents A vRealize Log Insight Agent collects events from log files and forwards them to a vRealize Log Insight Cloud server or any third-party syslog destination.
Integrating vRealize Log Insight Cloud with VMware Products and Services vRealize Log Insight Cloud can integrate with other VMware products and services to use events and log data, and to provide better visibility into events that occur in a virtual environment.
Regional Log Support VMware Cloud on AWS SDDCs can forward vRealize Log Insight Cloud logs to the Asia-Pacific (Sydney) and Europe (Frankfurt) regions, in addition to the US West (Oregon) region. Once applied, this configuration becomes an organization-level change and all the SDDC logs point to the new region. You can select only one vRealize Log Insight Cloud region for an organization. To enable this feature, open a service request or contact customer support.