VMware Cloud Community
stanj
Enthusiast

vRealize Log Insight and Content packs or Splunk?

We have a four node cluster running vSphere 6.0 U3a.

We are setting up a test and dev system for developing a datacenter.

The datacenter will need to log traffic and alerts from different sources (taps, Bro, etc).

The question came up that Splunk can be used to ingest the logs and data and then use the Splunk dashboards to display anomalies and alerts. 

I hear Splunk can be expensive and somewhat difficult to develop dashboards.

vRealize Log Insight is a tool that can be used to alert a user to what is going on in a vSphere environment (RAM spikes, disk usage, etc.).

But can vRealize Log Insight be used to ingest different types of data, such as what I describe above?

Is anyone doing anything similar, that is, ingesting logs and data from other sources and using vRealize Log Insight to display anomalies and alerts, etc.?

Thanks

2 Replies
daphnissov
Immortal

You'd probably get more feedback from the Log Insight forum rather than the vRA one, but yes, absolutely. Log Insight can ingest anything that can send logs. Through the use of content packs, which include parsers, extracted fields, and dashboards (all of which you'd have to build manually in Splunk), you can essentially get an out-of-the-box experience with those external sources. Those content packs are free, btw, and are for everything from servers to storage.

stanj
Enthusiast

Thanks for the input.

I am hoping that there are some users implementing something similar.

I did not see the Log Insight forum.

I will re-post to that forum once I track it down.
