I installed Log Insight (version 1.5.0-1435442) several weeks ago and connected it to vCenter. At that time we were running vCenter 5.5 and ESXi 5.1 U2. Log Insight was picking up some stuff from vCenter that I was going to start looking at and appeared to be working fine. I upgraded to vCenter 5.5 U1 and ESXi 5.5 U1 last Wednesday and the amount of data coming from that environment has increased exponentially. The Log Insight appliance indicates that it's dropping 500 million events a day. I don't really know where to begin with identifying what the issue is. The vCenter and ESXi servers appear to be operating appropriately. There seems to be an excessive amount of logging occurring. The average ingestion rate is 2,847 per second and we only have 16 ESXi servers and vCenter, a couple of UCS pods, and vCOPS configured to send info to Log Insight. From what I can tell there is barely anything coming from vCOPS and UCS.
To address the drop issue you will need to increase the resources on the Log Insight virtual appliance. You will need at least 8 CPU, 16 GB of memory and 1000 IOPS to keep up with that load. Once you address the resource issue, go to the Interactive Analytics page and just below the chart, change from count of events over time to count of events by hostname. This will tell you which devices are generating the most events in your environment. I hope this helps!
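An offline equivalent of the "count of events by hostname" view described in the answer above, as an added example that is not part of the original thread or of Log Insight itself. It assumes RFC 3164-style syslog lines; the hostnames, messages and the 5x-median threshold are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# RFC 3164-style line: optional <PRI>, timestamp, hostname, message.
LINE = re.compile(r"^(?:<\d+>)?(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s")

def events_by_hostname(lines):
    """Return (per-host event counts, observed window in seconds)."""
    counts, stamps = Counter(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            counts["<unparsed>"] += 1  # keep malformed lines visible
            continue
        # RFC 3164 timestamps carry no year; a fixed one is assumed here.
        stamps.append(datetime.strptime("2000 " + m.group(1),
                                        "%Y %b %d %H:%M:%S"))
        counts[m.group(2)] += 1
    window = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    return counts, window

def noisy_hosts(counts, factor=5):
    """Hosts sending more than `factor` times the median per-host count."""
    if not counts:
        return []
    limit = factor * median(counts.values())
    return sorted(h for h, n in counts.items() if n > limit)

def build_sample():
    """Constructed input: three quiet sources and one chatty ESXi host."""
    quiet = [f"<14>Mar 12 10:00:{s:02d} {h} hostd: constructed routine message"
             for h in ("esx01", "esx02", "vc01") for s in (0, 20, 40)]
    noisy = [f"<11>Mar 12 10:00:{s:02d} esx07 constructed: Active Directory error"
             for s in range(60)]
    return quiet + noisy + ["garbage line without a header"]

if __name__ == "__main__":
    counts, window = events_by_hostname(build_sample())
    for host, n in counts.most_common():
        print(f"{host:12} {n:5d} events  {n / window:6.2f}/s")
    print("noisy:", noisy_hosts(counts))
```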
Does my answer address your question? If so, can you please mark this question as answered?
I didn't increase the size of the virtual machine because it was sized appropriately, but your answer was extremely helpful in helping me identify what ESXi host was spewing logging. It ended up being a couple of ESXi hosts complaining about Active Directory and I rebooted them and the issue went away. Thanks a lot.
For some reason the buttons to mark the post as correct are not here?
Glad it helped!
Appears to be a bug in IE, try a different browser
