In the last post I described why log monitoring is important and what you can use to monitor your logfiles and how you can deploy vRealize Log Insight.

In this post I will walk you through the interface. It will be a short post, since the rest of the series will go deeper into the product.

If you skipped adding agents you get to the main screen of Log Insight. This screen is your home for monitoring and analyzing data.

In the screenshot below you see the main interface of vRealize Log Insight. This is the first screen you see when you’re logged in.

li-mainscreen

The screen is divided into four parts parts:

  • the menubar, all the way to the top
  • the dashboard selection. It’s the left part of the screen
  • The widget/chart area, which is the bottom part of the screen on the right
  • The filtering area, which is the top part of the screen on the right

The menubar

On the menubar you can select if you want to see your data (dashboards), if you want to analyze your data (Interactive Analytics), change your password and e-mail address (admin in this case) or if you want to change settings or add management packs to Log Insight (the three bars)

li-menubar-right li-menubar-left

In this article the focus will be on the dashboard and what you can do with it. In another article in the series about Log Insight I will go into the admin side.

Dashboards

In vRealize Operations you can create your own dashboards with useful metrics that you want to monitor closely. Any query can be turned into a dashboard widget and visualized for any range in time. You can check the performance of your system for the last hour, day, or week. You can view a break down of errors by hour and observe the trends in log events. Dashboards are a collection of different charts or queries. When you log in for the first time there is already a dashboard for you under My Dashboards: Dashboard 1.

The first thing I recommend is renaming the dashboard to something useful. I named mine “Day-2-day Ops”.

li-day-2-day

As you can see on the screenshot I renamed my dashboard already. If you hover above the title of the dashboard a cog appears. When clicking it gives you the option to clone, to rename or delete the dashboard. Log Insight has a lot of information to offer, so it is wise to create your own dashboards for specific tasks.

Widget/Charts area

The widget/chart area contains information you want to show. The default dashboard has one widget already, “Total Events”. It shows the number of total events received with a timeframe. When you click the cog on top of that widget you can clone the widget to another name or dashboard.

li-clone-widget

For each widget you can select which kind of chart to show. You can select column, line, area, bar, pie or bubble, depending on the data.

li-cloned-widget

On the right side of the widget you have the option to strech the widget across the width of the dashboard.

li-cloned-widget-wide

Filtering and selecting

As I said the top portion of the screen is for filtering and selecting. By default it shows the last 5 minutes of data. If you want to update the data shown, you can select latest 5 minutes, latest hour, latest 24 hours or a custom time range. If you want to manually update the screen, click the update button.

li-filter

li-filter-on-24hrs

If you charts show more data than you want you can filter the data on a custom time range.

 

 

Interactive Analytics

If want to dig deeper into the data you can use the interactive analytics. When you click on the cog in a graph, or click on the Interactive Analytics tab option you can search and filter log events, and create queries to extract events based on timestamp, text, source, and fields in log events.

li-edit-interactive

li-interactive

Here are a couple of screenshots of the interactive analytics:

loginsight-analytics

li-interactive2

 

 

 

Interactive Analytics allows sysadmins to drill down into log messages, to determine problem areas, and to perform root cause analysis based on the text from logfiles, syslog and more.

Since Log Insight gives you the possibility of structuring your logfiles you can create your own custom fields by selecting any part of an event and then selecting the Extract Field button that appears to the right of found fields in an event row, or selecting the Extract Field button in the Fields section of the Interactive Analytics page. This way you can make a query field from something that wasn’t considered a field in the first place.

I will keep the admin interface for another time.

li-admin2

 

Watch it in action

The video below gives you more insight into vRealize Log Insight interface.