You can define a data set to provide users access to specific content.
Prerequisites
Verify that you are logged in to the vRealize Log Insight web user interface as a Super Admin user, or a user associated with a role that has the Access control permission with Edit access level. The URL format of the web user interface is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
Procedure
- Expand the main menu and navigate to Management > Access Control.
- Click Data Sets.
- Click New Data Set.
- Enter a name and description for the data set.
- Click Add Filter.
Tip: The This data set restricts other data sets check box determines how a data set should behave when combined with other data sets. For example, you have two data sets:
Data set 1:
hostname contains "host"
appname contains "app"
Data set 2:
severity contains "error"
If both of these data sets are added to a role, the resulting combined data set would be:
(hostname contains "host" AND appname contains "app") OR (severity contains "error")
However, if you select the This data set restricts other data sets check box for data set 2, the combined data set would be:
(hostname contains "host" AND appname contains "app") AND (severity contains "error")
- Use the first drop-down menu to select a field defined within vRealize Log Insight to filter on.
For example, hostname.
The list contains static fields only and excludes fields that are extracted, user shared, and fields created through event_type filters.
Note: Numeric fields contain the additional operators =, >, <, >=, and <=, which string fields do not. These operators perform numeric comparisons. Using them yields different results than using string operators. For example, the filter response_time = 02 matches an event that contains a response_time field with a value 2. The filter response_time contains 02 does not have the same match.
- Use the second drop-down menu to select the operation to apply to the field selected in the first drop-down menu.
For example, select contains. The contains filter matches full tokens: searching for the string err does not result in error as a match.
- In the filter box to the right of the filter drop-down menu, enter the value that you want to use as a filter.
You can use multiple values. The operator between these values is OR. If you are using the _index field in one of the filters, the operator is AND.
Note: The box is not available if you select the exists operator in the second drop-down menu.
- (Optional) To add more filters, click Add Filter.
- (Optional) To verify that the filter behavior is what you want, click Run in Explore Logs page, which opens an Explore Logs window with data that matches your filters.
- Click Save.
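The combination rules from the tip and notes above, modelled in Python as an added example (not VMware code and not part of the original page) so you can check which events a role's data sets expose. The tokenizer, the dictionary layout, and the handling of more than one restricting data set are assumptions.

```python
import re

def tokens(value):
    # Assumption: a token is a run of letters, digits or underscores, case-insensitive.
    return set(re.findall(r"\w+", str(value).lower()))

def filter_matches(event, field, op, values=()):
    if op == "exists":
        return field in event
    if field not in event:
        return False
    if op == "contains":
        # Values are ORed; each value must match whole tokens ("err" != "error").
        # The _index exception (values ANDed) is not modelled here.
        return any(tokens(v) <= tokens(event[field]) for v in values)
    if op == "=":
        # Numeric comparison: "02" equals 2.
        return any(float(event[field]) == float(v) for v in values)
    raise ValueError(f"operator not modelled: {op}")

def data_set_matches(event, data_set):
    # Filters inside one data set are ANDed, as in data set 1 on this page.
    return all(filter_matches(event, *f) for f in data_set["filters"])

def role_can_see(event, data_sets):
    if not data_sets:
        raise ValueError("model needs at least one data set")
    plain = [d for d in data_sets if not d.get("restricts")]
    restricting = [d for d in data_sets if d.get("restricts")]
    # Plain data sets are ORed together; every restricting data set is ANDed on top.
    widened = any(data_set_matches(event, d) for d in plain) if plain else True
    return widened and all(data_set_matches(event, d) for d in restricting)

DS1 = {"filters": [("hostname", "contains", ["host"]), ("appname", "contains", ["app"])]}
DS2 = {"filters": [("severity", "contains", ["error"])]}
DS2_RESTRICTING = dict(DS2, restricts=True)

# Constructed sample events, not real log data.
E_BOTH = {"hostname": "host-01", "appname": "app-web", "severity": "error"}
E_ERROR_ONLY = {"hostname": "db-02", "appname": "sshd", "severity": "error"}

if __name__ == "__main__":
    for name, sets in (("OR", [DS1, DS2]), ("AND", [DS1, DS2_RESTRICTING])):
        for event in (E_BOTH, E_ERROR_ONLY):
            print(name, event["hostname"], role_can_see(event, sets))
```

With the check box cleared, the db-02 error event is visible to the role; with it selected for data set 2, only events that satisfy both data sets are.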
What to do next
Associate a data set with a user role. See Create and Modify Roles.