We started using Log Insight (project Strata) at Tech Preview 2. We had a need for a log aggregation solution and thought we'd give it a try on our lower environments. We have used it for different purposes.
- 1st time was with analytics. When we deployed it, I had set up a dashboard to see "warning" level alerts. 3 of our 120 hosts were far surpassing the others in errors. After clicking down into the bar graphs we saw a high number of Active Directory related errors. After rejoining 2 of those hosts to the domain the errors had cleared. The third box we needed to reinstall to clear the errors. Since we've done this all the servers have been cleared of this error. You'll notice there's a similar dashboard in the automatic bundle now built into Log Insight.
- 2nd time was verifying where the problem existed. Background: backups failing. Scope: 3 teams involved (backup team, ESX team, Windows team).
  - Log Insight gave us the ability to show the backups were connecting to vCenter and the job was getting to the VM and was failing while connected to the VM.
  - Next we were able to take the error message, extract out the VM name and get a list of all the errors over the past week, to help with troubleshooting.
  - Problem ended up being with the services on the Windows VM but we'd have never gotten to the point without the log dive.
- 3rd time was for overall health. We had lost a storage director and during the outage had higher latency than we anticipated. There were questions brought up as to whether our round robin was working properly. Our team was able to show the logs where the connection was deprecated at the beginning of the issue and not used again until the issue had been resolved.
One beauty with Log Insight is the fact that all monitoring analytics are already handled within vCops. The reason this is important is with Splunk you get charged for the bandwidth license to pipe all their resource monitors into it.
Chris Nakagaki - Is it different from Splunk? Not really. It's pretty much the same functionality, but the integration w/ vCops is the most interesting. It'll be an uphill battle for Log Insight against Splunk unless priced appropriately. At the very least, it's good to see a worthwhile competitor to Splunk.