I saw in the Log Insight user guide that it was possible to manually import log files for analysis. I can not find this in the UI. Anybody find a way to do this?
Thanks, makes sense. We will be providing directions on how send non-syslog traffic over the syslog protocol as a workaround.
Manual import is only supported for Log Insight archives, i.e. the files that are generated if you enable archiving and provide an NFS location. Log Insight 1.0 is intended for live syslog sources.
Can you provide some more details about your use case? I would be happy to understand more so we can consider feature requests for future releases.
Thanks,
--Spiros
Ok, I understand what the import process is intended for now. So, here is what I was trying to do or expecting.
I'm a Splunk user, so they have the ability to suck in any syslog from any application, not that I need that detail, but it would be nice to reference other VMware applications or Third Party applications that run on top of VMware's stack. It would be very useful to layer all logs on top vSphere logs to see patterns and diagnose whether a problem is application based or vSphere based.
Just to fully understand the request, a follow-up question - couldn't you just have other VMware applications and/or Third Party applications forward logs to Log Insight over the syslog protocol?
Yes, that could work I guess, but it looks like the dashboard and the analytics would not parse other applications correctly or give a clean interface to diagnose. I'm just wondering if it could be possible to mimic some of the functionality that Splunk has developed for the virtualized environment.
Today, Log Insight comes with the vSphere content pack to give you information about your vSphere logs. In the future, additional content packs will be provided to give you information about other types of logs messages. In the meantime, you can extract meaningful information from your log messages from the interactive analytics page. From there, you have the ability to extract fields, construct queries, apply functions, group information, save dashboards, and create alerts. In short, you have the ability to do this today.
The more information you can provide about specific use-cases the better. For example, what are you trying to do that you cannot and why would you like to do that?
That's good to know. Thanks.
I guess one use case, is the ability to import log files from other applications that don't have the ability to export to a syslog server.
Thanks, makes sense. We will be providing directions on how send non-syslog traffic over the syslog protocol as a workaround.
Hey Todd - did your question get answered? If so, can you mark it as answered?