VMware Cloud Community
vmedzeusky
Contributor

VRLI is not showing a filter by source address, destination address, port number

I'm trying to do the simplest query imaginable in vRealize Log Insight Manager: from source IP x.x.x.x to dest IP y.y.y.y.
BUT when I click on the search-by box, nothing appears for source IP. The best I can do so far is do a text search with the
address. I've used VRLI in the past and been able to search on specific fields. Any idea what might be missing in this
environment that I cannot do so? vRealize Log Insight GA Version 8.8.2-20056468

vmedzeusky_0-1665703797314.png

vmedzeusky_1-1665703930825.png

vmedzeusky_2-1665704059929.png

 

 

 

0 Kudos
1 Reply
Cederberg
Enthusiast

Hi.

As you can see in your third screenshot, the log entry is not parsed. It only identified source, event_type, Facility, priority, hostname, appname, which seem like default fields to me. To get the log entry divided into fields, it needs to be parsed. If you can successfully parse the logs, you can then search the specific fields produced by the parser.

I'm not sure where the logs are from, but if there is a matching content pack (Content packs -> Marketplace) you can install it and it should be able to identify the fields for you. If, for example, it is an NSX-T log, the content pack VMware-NSX should provide the parsing for you.
If you are collecting the logs with the Log Insight agent (for example, a file log), you need to define a parser, either from scratch or using one of the templates contained in the relevant content pack, under Management -> Agents.

0 Kudos
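The difference the reply describes between an unparsed event and a parsed one, as an added example that is not part of the original thread: a full-text search for two addresses cannot tell source from destination, while a search on extracted fields can. This is a plain Python stand-in, not Log Insight's parser or query engine; the sample lines, their key=value layout and the function names are assumptions.

```python
import re

# Constructed sample events; the key=value firewall layout is an assumption,
# since the post does not say what produced the logs.
RAW_EVENTS = [
    "Oct 13 23:01:02 fw01 filter: action=allow src=10.0.0.5 dst=192.168.1.20 dport=443",
    "Oct 13 23:01:03 fw01 filter: action=allow src=192.168.1.20 dst=10.0.0.5 dport=51544",
    "Oct 13 23:01:04 fw01 filter: action=drop src=10.0.0.5 dst=192.168.1.99 dport=443",
    "Oct 13 23:01:05 fw01 kernel: link state changed on eth1",
]

# One key=value pair: an identifier, '=', then everything up to the next space.
KV_PAIR = re.compile(r"\b([A-Za-z_]\w*)=(\S+)")


def parse_event(raw):
    """Split one raw line into named fields. A line with no key=value pairs
    yields only the 'text' field, like the unparsed event in the question."""
    fields = {"text": raw}
    fields.update(KV_PAIR.findall(raw))
    return fields


def text_search(events, *terms):
    """Full-text match: every term must appear somewhere in the line."""
    return [e for e in events if all(t in e for t in terms)]


def field_search(events, **wanted):
    """Field match: every named field must exist and equal the wanted value."""
    parsed = (parse_event(e) for e in events)
    return [p["text"] for p in parsed
            if all(p.get(k) == v for k, v in wanted.items())]


if __name__ == "__main__":
    # Text search returns traffic in both directions between the two hosts.
    for line in text_search(RAW_EVENTS, "10.0.0.5", "192.168.1.20"):
        print("text :", line)
    # Field search returns only 10.0.0.5 -> 192.168.1.20.
    for line in field_search(RAW_EVENTS, src="10.0.0.5", dst="192.168.1.20"):
        print("field:", line)
```
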