Log Insight UI Walkthrough 4.3

For those that would rather watch a video otherwise, scroll past: 

 

Welcome to the walkthrough of the Log Insight UI

So, Log Insight is installed – what’s next? How do you use it? First, you’ll need to have an understanding of the UI and where everything is, in order to better utilize its capabilities.

After logon, Log Insight will present you with the last screen you had open. Or If this is a new installation it should be redirected to the dashboards page. Let’s start there.

At the top, you have the program name itself. It is clickable and acts as a refresh button. If you look at the html code for it, it just points back to the installation of itself.

Dashboards Overview

Next you have the dashboards button, this takes you to your dashboards. The dashboards page is a collection of widgets. What widgets are displayed is entirely dependent the content packs installed. Log Insight should be connected to vsphere at this point so at a minimum there will be the General and Vmware – vSphere dashboards. I have a few more installed since I have a Dell server with an iDrac or their remote access card installed, and I have a Synology in my environment.

If I click on the General item, it has a few dashboards underneath it.

I will click on the Overview item. In the Widget Pane in the center, you see a number of little squares. These are your widgets. These can be displayed a number of different ways, numerically, graphically, or it can be text if the widget is a query.

If we hover over a widget we see a small menu on the top right.

There are three items and from left to right, the first one will open up interactive analytics and show you the data on the widget in the actual logs. The second icon will show you information about what that widget is displaying. The final icon will clone that widget to another dashboard so that you can create a personal dashboard of widgets.

Up at the top of the widget pane there are filtering options available. These will apply to all the widgets underneath. A number of common filters are already provided but if those won’t work, you can add new ones. You can also restrict the time to a specific period for the widgets, which is handy when in a large environment with tons of logs.

Interactive Analytics Overview

Next at the top, we have the Interactive Analytics button. This page allows you to perform searches on the logs ingested. You can use expressions and addition criteria to filter the data.

There is a lot going on with this page. Starting at the top, there is a large bar chart. By default, this bar chart displays the count of all events seen over the last 5 minutes. All log entries in logs is seen as an “event” by Log Insight. Looking at the bar chart allows you to see the flow of logs as they are seen by Log Insight. This can be manipulated into showing other data however. The line right below the graph allows you to change what you are looking at and how.

You can also change how it displays it since bar charts may not always work best for the data you are trying to display. You can choose between columns, lines, area, bar, pie, bubble, gauge, table, and scalar charts and setup the axis to best suit you.

Some options may be greyed out, this is because the type of data that is currently being displayed can’t support that particular graph. Underneath, the actual log entries are displayed.

At the top is a search bar where you can type in terms or expressions. You can then refine those even further by adding filters using the ‘+ Add Filter’ button. When you create these filters, Log Insight will help you out by autocompleting names or other data found in the logs. Once you have created a query that gives you important data, you can save the query using the star button to create a favorite. This is part of the 4 button tool bar displayed at the end of the search bar.

You can use the dashboard icon (second icon) to send that query to either a personal dashboard or a shared dashboard. The alarm button (third button) allows you to create an alert from the current query or manage alerts in general. The final button allows you to share the query or export the results.

That log data itself can be shown a number of ways as well.

There are events, which show every line item as a separate event. There is field table which parses all the events out into a table with headers. There are event types, which will move like events into a group with a number at the beginning of the line, showing you how many instances of that event exist. The last item is Event Trends. This shows a comparison of an event and whether that event is now trending and becoming more frequent, staying static, or decreasing in frequency. It shows this by color coding at the front of the line. Green shows an increasing trend, red a decreasing.

Also of note is that you can color code the events to group like items together. At the beginning of the event line you will see a little gear icon. Click on that to pop up a menu to give you more options. You can track down more events like the one you are highlighting, exclude them, or colorize event types.

 

The Fields pane on the right, will allow you to see a graph that will give you information on how prevalent an item is to other like objects and to the overview chart.

Admin

Going back up to the top, you have two buttons left. One is “Admin” which allows you to see your role, email, and change your password. The second icon, which looks like 3 lines, is your administration and settings icon. This will allow you to change settings and configuration of Log Insight, and add Content Packs for products.

There is a lot more information to fully explain Log Insight and I highly recommend going to learn more about this powerful product from VMware’s Log Insight documentation page here, https://www.vmware.com/support/pubs/log-insight-pubs.html