vRealize Log Insight 3.0 has been released few days back. The product keeps evolving and it's bigger, faster and stronger in every release. This is already the 5th release! The new Log Insight 3.0 is (according to VMware) as twice as faster and have doubled the number of nodes since previous release ( up to 12 nodes ).
Each node can be updated with single click without affecting the rest of the cluster. In one of my previous posts I have detailed the Windows MSI … The installation is easy with MSI file which can be rolled out in mass deployment via GPO. The centralized Log insight server can then mass-configure those agents remotely via the ingestion API.
The Windows agent is capable to talk to vCenter Log insight over the Ingestion API, but also can use syslog. The ingestion API supports 1000s concurrent clients. The native Windows agent (runs as Windows service) has low memory and CPU footprint and collects events from standard or custom Windows event channels, but also collects logs from flat files and directories. For Windows based vCenter servers which stores logs in directories and files (not in Windows events) this can be a very useful solution of collecting logs.
Note that for my lab environment I chose the “Extra Small” option, which has 2 vCPU, 4Gb of RAM.
From the release notes…
vRealize Log Insight for Large Environments
- Each node can ingest two times more data per second than in vRealize Log Insight 2.5.
- Ingestion rates of up to 15,000 events per second (eps) are supported per node.
- The number of nodes that can be included in a vRealize Log Insight cluster has doubled.
- A cluster of 12 nodes can be formed that can process 2.7 TB of data per day.
Powerful Analytics Engine
- Multi-Function Charts
Compare different aggregation functions within the same chart using the multi-function chart. Chart multiple functions, such as MIN, MAX, and AVG.
- Interactive Analytics Snapshots
Visualize your log browsing history for an improved workflow using the snapshots feature. Compare two or more queries or save multiple snapshots to create new dashboards. For more information, see the vRealize Log Insight User's Guide.
- URL Shortener
Share shortened URLs with your colleagues when directing them to Interactive Analytics.
- Event Types Highlighter
Identify individual events quickly by highlighting an Event Type. Event Types show summarized event data. All messages with a similar structure are grouped together and treated as a single Event Type.
- Event Trends
Set custom time periods as baselines when comparing event trends.
Low Touch Administration
- High Availability Through a Leader-Based Architecture
If a master node is removed from service temporarily, another node assumes the role, enabling high availability for Query, Alerting, and Configuration processes.
- Hands-Free Rolling Upgrades
Upgrade a cluster of vRealize Log Insight nodes at the click of a button. Each node is removed from service gracefully, and upgraded without the need for an external load balancer.
- Event Forwarding with UDP Support
The vRealize Log Insight Event Forwarder now supports syslog over UDP in addition to TCP.
- Hadoop Archiving Endpoint
Archive data directly to a Hadoop Distributed Filesystem (HDFS).
Lightweight Agent for Data Collection
- Agent Group Configuration
Apply agent configurations to a group of agents from the vRealize Log Insight user interface, enabling classful centralized mass-configuration.
- Client-Side Parsers
Achieve faultless event parsing by providing a list of fields within the agent configuration file. Key-value pairs (KVP), comma-separated values (CSV), Apache Common Log Format (CLF), and flexible timestamps are supported. For more information, see the vRealize Log Insight Administration Guide.
- vRealize Log Insight Agents Support Communication Over SSL
In addition to support for securely sending data over CFAPI SSL, vRealize Log Insight 3.0 now supports sending events over syslog with SSL.
The possibility of extend the default vSphere dashboard with other pre-defined dashboard by installing a content packs makes the product very versatile. You can easily change dashboard by clicking the VMware vSphere drop-down…
Video of Installation/configuration of Log Insight 3.0 in my lab… (no voice). Watch full screen and HD.
What You'll see in this video?
- Log Insight 3.0 deployment from OVF
- vCenter and vROPs Integration
- How to add few content packs from the Marketplace
Note: In case you want to upgrade, you can do so by using a PAK file. Check my post on How-to upgrade Log Insight…
Source: VMware Cloud Management Blog