Cederberg's Posts

Hi. We have an log insight enviroment installed that has an vrealize suite (Full) licens, that displays OSI Unlimited and CPU Unlimited. The license came with our Enterprise plus vsphere licen... See more...
Hi. We have an log insight enviroment installed that has an vrealize suite (Full) licens, that displays OSI Unlimited and CPU Unlimited. The license came with our Enterprise plus vsphere license. This means that all our Virtual servers and ESXi servers ar licensed for log insight. But we still have a few non-esxi physical servers that also need to be licenced for Log insight. Now to my questions. Is it possible to mix CPU and OSI licenses in Log insight? Is it even possible to have 2 licenses active at the same time regardless of Type? Hope someone has an answere for me. Thanks. Best regards /Mattias Cederberg
Hi. At least for Hosts inactive hosts are removed three months after the last ingested event. According to Vmware documentation. "Entries in host tables expire three months after the last ing... See more...
Hi. At least for Hosts inactive hosts are removed three months after the last ingested event. According to Vmware documentation. "Entries in host tables expire three months after the last ingested event." Monitor Hosts That Send Log Events I'm guessing but can't confirm it might be the same for agents?
No I couldn't find anything that could extract other users dashboards. There probably isn't an official way as the Users has choosen not to share it so it's "private" to that user. So if there is... See more...
No I couldn't find anything that could extract other users dashboards. There probably isn't an official way as the Users has choosen not to share it so it's "private" to that user. So if there is a way my google-skills can't find anything i'm afraid.
Hi. You can export your dashboard, queries, alerts, agentsgroups and extracted fileds as a content pack. Navigate to content pack menu in the left menupane select My Content or Shared Content.... See more...
Hi. You can export your dashboard, queries, alerts, agentsgroups and extracted fileds as a content pack. Navigate to content pack menu in the left menupane select My Content or Shared Content. Then in the main window beside the name klick the gearicon and choose export. here is a link to the official instructions from VMware Export a Content Pack Best regards //Cederberg
Hi. To get all the text in to one logevent you need to define a event marker in your filelog config it's right under the directory line in the gui. I see in your screenchot you only had the de... See more...
Hi. To get all the text in to one logevent you need to define a event marker in your filelog config it's right under the directory line in the gui. I see in your screenchot you only had the default ^ in the textbox for event marker and ^ means start of line if i'm not misstaken. So you need to do a regexp for the start of every event. If for example every line starts with the timecode you have in the example you gave you need to match that in event marker. ^\[\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}-\d{2}:\d{2}\] will match lines that starts like this [2020-06-10T15:28:10-04:00] and put everything after that into one log event until the next match. The parser can then be used to parse the event into fields for filtering. Hope that helps Best regards //Mattias
Hi. When i download the SRM 8.1+ Content pack in our test enviroment (8.1.1) there seem to be two agent groups avaliable. One for SRM windows installation and one for SRM Virtual appliance. Y... See more...
Hi. When i download the SRM 8.1+ Content pack in our test enviroment (8.1.1) there seem to be two agent groups avaliable. One for SRM windows installation and one for SRM Virtual appliance. You mentioned SRM_logs which seems to be the filelog for Windows installations of SRM. In the agent group vSphere - SRM (Virtual Appliance) (vmware - SRM 8.1+) the filelog is namned SRM_VA_logs and contains the correct path for the SRM logfiles. for example directory; /var/log/vmware/srm Include files: *.log and an event marker regex. Best regards //Cederberg
Hi. I know it's a bit old this post and i guess you have probably solved it by now. But to mark an event with mulitple lines you need to use the Event marker option on the file logs. The defau... See more...
Hi. I know it's a bit old this post and i guess you have probably solved it by now. But to mark an event with mulitple lines you need to use the Event marker option on the file logs. The default value for that option is ^ which match all new lines. If for example your event starts with [2020-06-09] you need to regex match that with something like this ^\[\d{4}-\d{2}-\d{2}\]. Then it should only be a new event when the regex pattern match a date. Hope that helps if you hadn't solved it before. Best regards //Cederberg