Create a log partition to ingest logs based on a routing filter.

Prerequisites

Verify that you have a premium subscription for vRealize Log Insight Cloud. For information about subscriptions, see vRealize Log Insight Cloud Subscriptions and Billing.

Procedure

  1. Click the two arrows icon in the upper-left corner of the screen to expand the main menu.
  2. Navigate to Log Management > Log Partitions.
  3. Click New Partition.
  4. Provide the following information:
    Option Description
    Name Enter a unique display name for the log partition.
    Description Enter a description for the log partition.
    Type Select whether you want to create an indexed or a non-indexed partition.
    • An indexed partition ingests logs for up to 30 days. You are billed for the ingested log volume, but not for querying the logs.
    • A non-indexed partition ingests logs for up to seven years. You are billed for both the ingested log volume and for querying the logs.
    Retention Enter the number of days for which you want to retain logs in the log partition.
    Data Groups

    If you are creating a non-indexed partition, you can group the log data by fields.

    Select the Group Data By check box and select the field by which you want to group the data.

    Grouping log data by the relevant field helps store the logs effectively in sub-folders, and displays quicker results when you query logs from your partition in the Explore Logs page.

    Routing Filter

    Add one or more routing filters to ingest logs corresponding to the filters into your partition. You can also use a favorite query.

    Optionally, click Show Logs to preview the filtered log results and Show Chart to view a graphical representation of the log results.

    Data Forwarding to Non-Indexed Partitions

    If you are creating a non-indexed partition, you can select the Forward Data to Indexed Partitions check box to store the logs in both your partition and in indexed partitions.

    You can select either of the following options:
    • Forward all the logs in your partition.
    • Add one or more filters to forward specific logs in your partition.
    If some or all the forwarded logs match the filters defined in certain indexed partitions, these logs are stored in the relevant partitions, based on the ingestion order. The forwarded logs that are not stored in any indexed partition go to the default indexed partition.
  5. Click Create.

Results

The partition appears in the Log Partitions page, under the relevant section. Logs flowing into vRealize Log Insight Cloud that match your routing filter will be ingested into this partition.

What to do next

You can query and analyze the logs in your partition. For more information, see View and Explore Logs in a Log Partition.