You can change the aggregation and grouping of query results displayed in the chart to graphically analyse log events.
The number of drop-down menus that you see under the chart depends on the selected aggregation function.
Prerequisites
Verify that you are logged in to the vRealize Log Insight web user interface as a user associated with the User role, or a role that has the relevant permissions. For more information, see Create and Modify Roles in Administering vRealize Log Insight. The URL format of the web user interface is https://log_insight-host, where log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
Procedure
- Use the drop-down menus under the Explore Logs chart to change the aggregation function and grouping type.
- To view the number of events over time, select the Time series button.
- To view only event values, select the Non-time series button and select at least one field.
- Click Update.
Example: Aggregation and Grouping in the Explore Logs Chart
The following table contains examples to illustrate aggregation and grouping in vRealize Log Insight charts.
Selection in the First Drop-Down Menu | Selection in the Second Drop-Down Menu | Time series selection | Text Displayed on the Screen | Result |
---|---|---|---|---|
Count | Time series | Time series | Count of events over time | The chart displays a bar chart with the number of events for the current query over time. |
Average | vmw_op_latency (VMware - vSphere) | Time series | Average of vmw_op_latency (VMware - vSphere) over time | The chart displays a line chart with average value of operations latency over time. |
Count | vmw_esx_problem
Note: Thevmw_esx_problem field does not appear by default. You must extract the vmw_esx_problem field and save the query so that vmw_esx_problem appears in the drop-down menu.
|
Non-time series | Count of events grouped by vmw_esx_problem | The chart displays a bar chart of the number of events for containing the vmw_esx_problem field. |
Count | Time series, vmw_esx_problem | Time series | Count of events over time grouped by vmw_esx_problem | The chart displays a stacked bar chart grouped by vmw_esx_problem over time. |