VMware Cloud Community
stanj
Enthusiast

vRealize Log Insight and Content packs or Splunk?

We have a four node cluster running vSphere 6.0 U3a.

We are setting up a test and dev system for developing a datacenter.

The datacenter will need to log traffic and alerts from different sources (taps, Bro, etc.) and produce alerts to an operator if something is found in the logged data that seems to be amiss.

The question came up that Splunk can be used to ingest the logs and data and then use the Splunk dashboards to display anomalies and alerts.

I hear Splunk can be expensive and somewhat difficult to develop dashboards?

vRealize Log Insight is a tool that can be used to alert a user to what is going on in a vSphere environment (RAM spikes, disk usage, etc.).

But can vRealize Log Insight be used to ingest different types of data, as in what I describe above?

Is anyone doing anything similar, that is, ingesting logs and data from other sources (syslog, taps, pcap, ...) and using vRealize Log Insight to display anomalies and alerts, etc.?

Thanks

euroreg
Contributor

Hi Stanj,

If you ask me, I would say go with Splunk. Everyone who tries to compare those two things is wasting time. Except for the "search logs" feature, those two products cannot be compared.

Currently Log Insight is a log management solution, and it does this job perfectly.

Some differences (from my point of view)

* LI has no comparable mathematical functions; it cannot find outliers or similar words (Levenshtein).

* The content packs are nice, but there are not so many available (VMware products do have great coverage). Splunk has far more extractions and application add-ons.

* LI has nothing like "Splunk Stream" (Splunk Stream | Splunkbase).

* An output from a search cannot be an input for the next search. You can't do lookups like in Splunk.

* In Splunk you can build a dashboard with HTML form fields so you can dynamically build your searches.

* At least for security analysis, LI seems to be the wrong product.

This list can be extended.

If you have the money, go for Splunk.

These are my 2c. If someone here in the community can counter my points, please go ahead and tell me. I would be really interested in the answers. Maybe LI will provide some more features in the future.

Regards

E.

theaaronstrong
Enthusiast

I agree with euroreg's comments. Log Insight is specific to VMware. There are some plugins, but with the custom alerts and dashboards, I think Splunk is the better offer.

If you want to have a bake-off, Log Insight does have a free 25 license per vCenter license.
