vRealize Log Insight Cloud summarizes a large number of individual events into a smaller number of broad event types. The system uses machine learning to group similar events together, with each group showing the approximate number of events in the group. Grouping events helps identify the most communicative events and the most quiet ones, both of which are critical for troubleshooting.

vRealize Log Insight Cloud tries to automatically detect groups of similar events based on the number of common parts that the events have. For example, consider the following events:

  • [2019-05-20 06:41:24.291+0000] ["SearchWorker-thread-12999"/10.113.164.150 INFO] [com.company.product.analytics.distributed.LogSearchWorkerService] [Worker fully completed query (token=5f6e5e1faf93e4ce) in 11 msec]
  • [2019-05-20 06:41:24.284+0000] ["SearchWorker-thread-11961"/10.113.164.167 INFO] [com.company.product.analytics.distributed.SearchWorkerService] [Worker fully completed query (token=3b247b2ba6057c47) in 24 msec]

These events have eight common parts - time stamp, thread name, host IP, logging level, class name, message text, token number, and duration.

Now, consider the following events:

  • [2019-05-20 06:41:24.291+0000] ["LogSearchWorker-thread-12999"/10.113.164.150 INFO] [com.vmware.loginsight.analytics.distributed.LogSearchWorkerService] [Worker finished search (wait=59500 token=5f6e5e1faf93e4ce) in 12 msec]
  • [2019-05-20 06:41:20.136+0000] ["AliasStudentStudyPool-thread-1"/192.168.110.24 INFO] [com.vmware.loginsight.analytics.alias.AliasStudent] [looking for alias due to rule DatastoreFromVmFileSystem]

These events only have three common parts - time stamp, host IP, and logging level.

In the Explore Logs page, the Types tab under the chart provides an aggregated view of similar events. By default, the types are sorted with the highest number of event occurrences. You can select Least in the drop-down menu to sort by the least number of events. You can also click the three dots icon against an event to add a filter in the query with similar or dissimilar events.