You can use these examples when building your queries in the Explore Logs page. The logs for the last five minutes are displayed by default. vRealize Log Insight Cloud indexes complete, alphanumeric, hyphen, and underscore characters.

Query for NSX-T Firewall Logs for a Firewall Rule ID in an SDDC

To query for NSX-T firewall logs for a rule ID in an SDDC:

  1. Define a filter.
    1. In the Explore Logs page, click Add Filter and select vmw_nsxtvmc_firewall_rule_id from the first drop-down menu.
    2. Select contains from the second drop-down menu.
    3. Enter the rule ID in the value text box.
    4. Click Add Filter and select sddc_id from the first drop-down menu.
    5. Select contains from the second drop-down menu.
    6. Enter the SDDC ID in the value text box.
  2. Define the time range.
    1. Click the time range next to the Search button.
    2. Select a time range on the Relative to now or Relative to time tab, or define a custom time range on the Custom range tab. You can also select a recently used time range on the Recently used tab.
  3. Click the Search button.

Query for AWS Audit Trail Logs for an AWS Account ID

To query for AWS audit logs for an AWS account ID:

  1. Define a filter.
    1. In the Explore Logs page, click Add Filter and select log_type from the first drop-down menu.
    2. Select contains from the second drop-down menu.
    3. Enter aws_cloud_trail in the value text box.
    4. Click Add Filter and select useridentityaccountid from the first drop-down menu.
    5. Select contains from the second drop-down menu.
    6. Enter the account ID in the value text box.
  2. Define the time range as explained in the first example.
  3. Click the Search button.

Query for Heartbeat Events Reported by the ESX/ESXi hostd Process

To query for all heartbeat events reported by the ESX/ESXi hostd process:

  1. Define a filter.
    1. In the Explore Logs page, click Add Filter and select appname from the first drop-down menu.
    2. Select contains from the second drop-down menu.
    3. Enter hostd in the value text box.
  2. Define the time range as explained in the first example.
  3. Click the Search button.

Query for Errors Reported by vCenter Server Tasks, Events, and Alarms

To query for all errors reported by vCenter Server tasks, events, and alarms:

  1. In the search text box, enter error.
  2. Define a filter.
    1. In the Explore Logs page, click Add Filter and select vc_event_type from the first drop-down menu.
    2. Select Exists from the second drop-down menu.
  3. Click the Search button.