The vRealize Log Insight Importer is a command-line utility used to import offline logs of historical data from local machines to the vRealize Log Insight server.
vRealize Log Insight is a real-time log analysis tool that streams syslog events or agent events into vRealize Log Insight, but there may be times when you need to import logs that were collected in the past. By using vRealize Log Insight Importer, you can import support bundles and archived logs to ingest data that was collected over a period of time. You can analyze logs from support bundles gathered from vRealize Log Insight or any VMware product.
vRealize Log Insight Importer sends data over the ingestion API. It supports filelog collection including recursive directory collection. The filelog include option defaults to I. The Importer can read data from archive files (zip, tar, and gz), as well as from nested archives (zip in zip, tar.gz, etc.). 7-Zip is not supported.
The following restrictions apply when working with vRealize Log Insight Importer.
You must ensure that vRealize Log Insight has access to the NFS server on which archived data is stored. If the NFS server becomes inaccessible due to network failure or errors on the NFS server, the import of archived data might fail.
vRealize Log Insight Importer does not check for available disk space on the vRealize Log Insight virtual appliance. Therefore, the import of archived logs might fail if the virtual appliance runs out of disk space.
vRealize Log Insight Importer is dependent on agent-side parsing (timestamp parsing) and multi-indexing.
vRealize Log Insight does not display progress information during log imports. As the import of archived data is in progress, you are unable to infer from the console output how much time is left before the import finishes or how much data is already imported.
A log bundle name is automatically determined and added as a bundle tag to all logs extracted from that specific bundle during the ingestion. The name is the filename of the log or the directory name in case of directory sources. Bundle tags differentiate bundles on a vRealize Log Insight Server. This tag overrides any tags with the same name that are specified in the manifest file. The tab can be overridden by command line tags that use the same name.
Supported Operating Systems
The vRealize Log Insight Importer is supported on the following operating systems:
Windows 32 bit and 64 bit
Linux 32 bit and 64 bit
The Linux version does not run on an Apple Macintosh system.