Log Insight for vCenter


VMware recently announced a price increase for vCenter from $4,995 to $5,995.  With this increase,  vCenter will now include 25 licenses on Log Insight with each vCenter license.   While this may seem like a big price increase especially if you don't want the  Log Insight licenses,  consider this….

Log Insight

Log insight is a product that  Vmware added to its portfolio a couple of years ago.  If you are familiar with Splunk then you are familiar with Log Insight.    Log Insight is VMware's answer to Splunk.   It takes log/event data, tags it, and correlates into product specific dashboards.   Here is the library of current Log Insight dashboards:
https://solutionexchange.vmware.com/store/loginsight


These dashboards are installed from the Log Insight GUI.   Simply click on the Install button and the dashboard will start correlating related data into product meaningful dashboards.

Log Insight is a simple appliance install.   Just point it at vCenter and your hosts are automatically configured to send their logs.  Login to the Web interface and view the dashboards or search the raw data.   Want to further correlate data across other technologies that are inline of the vSphere install such as switches, routers, and SAN?   Configure the syslog service on those devices to send to Log Insight. 
NOTE:  The 25 Log Insight for vCenter Server licenses are only valid for vSphere hosts and vCenter.   Additional licenses can be purchased to receive syslog files from other sources.   A Windows agent can be added to receive and analyze Windows events as well.

A tool for every vSphere admin

Just as with Splunk the power of Log Insight lies in its ability to aggregate log data from different product types into a single searchable store.   This store makes it easy to find the needle in a haystack.  For example,  your environment is experiencing VM slowness.  From the data gathered from support calls it is determined that the issue began sometime during the 7AM hour.  With Log Insight you open the Interactive Analytics page,  change the time scope of your search to the 7AM hour and click search.   By default you will see the hour broken down by the amount of log data generate per minute.   Minutes 7:00-7:15 look normal,  but from minute 7:16 on that the amount of events tripled. Double click on minute 7:16 to further narrow the troubleshooting.   Just as with hour chart showing 60 minutes of data,  double clicking on a minute it will narrow the chart to 60 seconds of chart data for that minute.   The seconds view shows that the event data started increasing rapidly at 7:16:32.  Click on second 32 shows the associated logs  in the bottom pane. Not knowing specific search terms you are able to narrow down your search to when the issue began,  and from looking at the data you can see that most of the logs are referring to a disk disconnects and latency.  Time to talk to the storage team.

Get ready
Log Insight for vCenter should be released soon.   Sign up here: http://vmware.us7.list-manage.com/subscribe?u=8883ed972be404bb0bec04558&id=1af2ef6764 to be notified when it is released.

Since it will be included with all vCenter instances with a support contract,  I highly recommend installing Log Insight as soon as it is released.

*Update*

Log Insight 3.3 is now available for download: http://sflanders.net/2016/03/02/log-insight-3-3-available-now/

Labels: , , , , ,