How does the vROPs to LI integration work?   I installed the vROPS LI .pak file that was available from the vROPs download page.  Is this not what is needed for this integration?

With regard to LI automatically mapping objects to vROPs,  is this just for alerts or will it do this OOB?

Thanks,

-Mattg

A new one was released and is available on Solution Exchange - I would suggest upgrading, but yes this is what I am was referring to. Install the MP and then configure vR Ops integration on LI (/admin/vrops) and everything else is down for you. The only other user step would be configuring alerts to send to vR Ops.

The inventory mapping is OOB if you did the above and the vR Ops instance used is integrated with a vSphere instance that is logging to LI.

I cannot figure out what needs to be done with the vROPS pak for LI.   It says no configuration is needed?  Is that correct?  I don't need to configure it,  just configure LI to vROPS integration from LI?

-MattG

Correct

Just a question on the OOB inventory mapping/alert configuration. I'm not sure if I'm doing something wrong or there's just some kind of bug on my installation.

I've a Log Insight Server 2.5 that was upgraded from 2.0 (that was connected to our old vcops 5.8 enterprise) and now it's connected to our vrealize Operations 6 (vCloud Enteprise license). Log Insight and vROPS are getting logs/monitoring the same vcenter server.

I was expecting that to enable alert forwarding I just have to do those things:

1) Going on Interactive Analytics

2) Opening the Manage Alerts (on the red bell icon)

3) checking one Alert from the vSphere Content Pack (like Storage: Snapshot consolidation required)

4) editing it and enabling "Send to vRealize Operation Manager"

5) Click "Save to My Alerts"

I get and invalid value on the Resource ... and I should select one but this is a "generic" Alert i was expecting that it will go on the correct object.

Hello,

No, I think you have to "Select a vRealize Operations Manager resource to associate with the notifications events". Hope this helps.

-Yogita.

Yes but that Alert is not something related to a single vm and the same is for all alert for the vsphere loginsight monitoring... I was expecting that after integrating log insight with vsphere and vrealize operations Manager those alerting could be sent to the correct object automatically (probably I've not understood the integration well):

From the previous posts, this one: 

- Sending alerts from LI to vR Ops -- as well as automatic mapping to the right object if your LI query groups by a field (object) known by vR Ops (this automatic mapping is new)

and this one:

- The inventory mapping is OOB if you did the above and the vR Ops instance used is integrated with a vSphere instance that is logging to LI

If you select say VM-abc, it will send alerts to all/any vms that sent log messages that triggered the alert  - if the alert is triggered by log messages that aren't matched to vrops objects, it will send the alert to VM-abc. Does that help a little?

-Yogita.

So The resource I'm choosing is just the "default" VM for alert that in some way are not generated by a vm/esx or whatever that is not monitored by vrops.

Let me make an example: if I have 2 vcenter (vcA and vcB) with their esx servers sending logs to log insight and only one vcenter (vcA) is monitored by vrops. Iif the alert is from an esx server/vm of the vcA (monitored) the alert will go automatically to the object that generated it and is monitored by vrops, if the alert instead is generated by vcB that is not monitored by vrops it will go to the "default" resource I've selected in the resource.

Is this correct?

Yogita is correct and yes so is your example

I've enabled some alerts on log Insight to go to vrealize and to go to default to one of the host.. now what I see is that the alarm are going all to the default host.

As an example I've enabled the nfslock failed check and i get some logs for failed events but they don't go to the esx server but on the vm i've set as default.

I was thinking that those should go to the single object into vrealize...

There's something wrong I'm doing?

Hmm this looks like a valid ESXi host to me. You can see in the events on IA that you are getting tags like vmw_vr_ops_id, which proves that the inventory service mapping is working. This means the alert should be sent to the correct object, but this does not appear to be working. Can you please file a SR and post the SR number here? Also be sure to upload a support bundle from Log Insight.

Thanks, it seems strange to me also... I was not sure of what I should get but that way it seems really wrong and unuseful.

I can confirm that on vrops the esxi hosts appear and are correctly monitored.

Tomorrow I can open the SR and attach the support bundle...

I'm not sure if this can be something useful to know but If i try to unconfigure the vrops integration when I click "save" i get the button continuing to have the icon animation as if it was working on something for hours but it seems that it does nothing (I was thinking to unconfigure/reconfigure vrops integration) and when i go back on vrops integration page I see that all is still configured.

The log insight I'm using is a 1.5 first upgraded to 2.0 then to 2.5 (if I remember well) and at this moment it's not used in production so probably I can try a clean 2.5 install and check if something start to work before opening the SR.

OK, did some testing and received confirmation - what you are seeing is a bug. To make it work, you have to use non-aggregation queries. In short, remove the group by hostname and then create an alert and it will map properly (just tested). Feel free to file a SR anyway, but know that a bug has been filed. I hope this helps!

Instead of changing the query and saving it back I've tried changing the Alert itself from the "When more then x event occur in a single group in the last x hours" to  "On any match" and it seems to work correctly.

Yes, it would appear the issue is not aggregation queries, but the use of the third radio threshold button under alerts.

This is not possible today, but is being considered for a future release. A management pack in the future could provide this functionality for example.