Log Insight is a log aggregation, management and analysis tool that VMware first introduced in 2013 and that is considered a competitor of Splunk.
Yesterday VMware announced the release of version 4.5, which is available for download.
Most of the focus of this release is on the integration with vRealize Operations, which, in short, means:
- Direct launch into Log Insight Dashboard
- Direct launch into Log Insight Interactive Analytics mode
- Object auto-initiated log management
- vRealize Operations Alerts auto-initiated log management
The remaining new features are split into 4 areas:
Server Features
- Added API to query alert execution and notification history
- Added ability to specify basic authentication for webhooks
- New product configuration APIs added
- The source field is maintained when forwarding from vRealize Log Insight forwarder to a vRealize Log Insight server
- Hosts on the /admin/hosts page can now be exported
- Support for external servers has been deprecated
- VMware Identity Manager (vIDM) is recommended for vRealize Log Insight. Native AD support is now deprecated.
General User Interface Items
- Dashboard legend mouse-over in one widget now highlights corresponding chart items across widgets
- Added ability to show a given time across all dashboard chart widgets simultaneously
- Separate options are available for descriptions and recommendations for user alerts.
- User alert history for aggregation queries now includes count
Agent Items
- Added ability to send unaltered raw syslog to destination server
- Added ability for agent syslog parser to parse structured data (SD), PRI, PROCID, and MSGID syslog fields
- Added auto-update checkbox option on MSI user interface
- Added support for sending logs to multiple destinations
- Added directory wildcard support
- Added support for Photon OS
- Support for Ubuntu 12.04 LTS has been deprecated
Content Packs
- Updated General and vSphere content packs
- VSAN and vROps content packs included out of the box