vCenter Log Insight release

vCenter Log Insight is a new log aggregator from VMware. As a new tool that is integrated with vCenter Operations Manager, Log Insight has great potential. The ability to tie in directly with VMware's knowledge base, vCenter and vCenter Operations gives Log Insight a true strength in combining analytics with logging.
VMware vCenter Log Insight – VMware vSphere Dashboard
We started using Log Insight (project Strata) at Tech Preview 2. We had a need for log aggregation solution and thought we'd give it a try on our lower environments. We have used it for different purposes.

  • 1st time was with analytics. when we deployed it, I had setup a dashboard to see "warning" level alerts. 3 of our 120 hosts were far surpassing the others in errors.  After clicking down into the bar graphs we saw a high number of Active Directory related errors.  After rejoining 2 of those hosts to the domain the errors had cleared. The third box we needed to reinstall to clear the errors. Since we've done this all the servers have been cleared of this error.  You'll notice there's a similar dashboard in the automatic bundle now built into Log Insight.

VMware vCenter Log Insight – Interactive Analytics

  • 2nd time was verifying where the problem existed. background: backups failing scope: 3 teams involved (backup team, esx team, window's team)
    • Log Insight gave us the ability to show the backups were connecting to vCenter and the job was getting to the vm and was failing while connected to the vm.
    • Next we were able to take the error message, extract out the vm name and get a list of all the errors over the past week, to help with trouble shooting.
    • Problem ended up being with the services on the Window's vm but we'd of never gotten to the point without the log dive.
  • 3rd time was for overall health We had lost a storage director and during the outage had higher latency then we anticipated. There were questions brought up as to whether our round robin was working properly. Our team was able to show the logs where the connection was deprecated at the beginning of the issue and not used again until the issue had been resolved.

One beauty with Log Insight is the fact that all monitoring analytics are already handled within vCops. The reason this is important is with Splunk you get charged for the bandwidth license to pipe all their resource monitors into it.

Chris Nakagaki - Is it different from Splunk?  Not really.  It's pretty much the same functionality, but the integration w/ vcops is the most interesting.  It'll be an uphill battle for log insight against Splunk unless priced appropriately.  In the very least, it's good to see a worthwhile competitor to Splunk.

More Screenshots:
VMware vCenter Log Insight – Customizable Dashboards
VMware vCenter Log Insight – Integration with vCenter Operations

2 comments:

trs80 said...

At $200/log source vs $5000/GB (and each ESXi host generates more than a gig of data a day according to Splunk), I'll take VMware Log Insight and its vCOPs integration, thanks.

Chris Nakagaki said...

It is truly compelling. Though I'll wait until LDAP and/or SSO authentication is integrated. They do mention pricing on the blog, but that is still being determined according to their official site.
Final pricing to be determined on Q3 2013 when it's GA. http://www.vmware.com/products/datacenter-virtualization/vcenter-log-insight/buy.html