Any Log Insight user can create a content pack for private or public use.
Content packs are immutable or read-only plug-ins to vRealize Log Insight, that provide predefined knowledge about specific types of events, such as log messages. The goal of a content pack is to provide knowledge about a specific set of events in a format that is easily understandable by administrators, engineers, monitoring teams, and executives.
Content packs give information about the health status of a product or application. In addition, a content pack helps you understand how a product or an application works.
You can save the information from a content pack by using either the Dashboards or Interactive Analytics pages in vRealize Log Insight. The information in a content pack includes:
- Queries - A content pack usually contains at least three queries and three chart widgets for each dashboard, which means more than nine queries in total.
- Fields - Fields can be used in multiple ways for aggregations and filters. For example, functions and groupings can be applied to fields, and operations can also be performed against fields. A field should include as many keywords as possible to improve performance.
- Aggregations
- Alerts - A content pack contains at least five alerts.
- Dashboards - A content pack contains at least three dashboards.
- Dashboard filters - See Searching and Filtering Log Events.
- Visualizations - See Using the Interactive Analytics Chart to Analyze Logs.
- Agent groups - vRealize Log Insight agents that are used as logs collection mechanize.
By default, vRealize Log Insight ships with the VMware - vSphere, VMware - vRealize Operations, VMware vSAN, and General content packs. You can import additional content packs if needed.