There is a new release: the Microsoft Windows Operating System Log Insight Content Pack. Content packs are free add-ons for Log Insight with predefined dashboards and widgets. I reported in detail about what's new in Log Insight 2.0 here.
Quote from the release page:
The Microsoft Windows Operating System Log Insight content pack provides actionable data, for Windows OS operations managers, specifically for troubleshooting and pinpointing problems. With Log Insight, version 2.0, customers can scale for collecting up to 45K events per second, with an easy to deploy, low cost, 6-node scale out architecture. With up to 2 terabytes of searchable data, Windows admins can archive and search through hundreds of servers, historically for pattern and anomaly analysis, via a structured like database approach.
How to import it into your Log Insight?
Simple. Just click the icon at the top right to open the administration menu and choose Content Packs.
Then, at the very bottom of the administration page, there is an Import Content Pack button. Just click the button and select the content pack to import (the file has a *.vlcp extension).
After the import, a new menu appears (below the default vSphere content pack).
Note that to use the Windows content pack you must install an agent into the Windows VM. It's a snap, I just tested. There are no prerequisites, and the Log Insight hostname gets pre-populated during the installation process…
The installation screen looks like this:
There is a new RESTful ingestion API. The Windows agent can talk to vCenter Log Insight over the ingestion API, but it can also use syslog. The ingestion API supports 1000s of concurrent clients.
The native Windows agent (which runs as a Windows service) has a low memory and CPU footprint. It collects events from standard or custom Windows event channels, and also collects logs from flat files and directories. For Windows-based vCenter servers, which store logs in directories and files (not in Windows events), this can be a very useful way of collecting logs.
Installation is easy: the agent comes as an MSI file that can be rolled out in a mass deployment via GPO. The centralized Log Insight server can then mass-configure those agents remotely via the ingestion API.
After a few minutes the data starts to populate the Log Insight dashboard…
With millions of events coming into Log Insight, VMware wants Log Insight to be more proactive. How does it work? Via automatic clustering.
- Automatic Clustering which clusters similar messages together
- Automatic Field Extraction – discover fields based on data types
- Everything Log Insight learns, it turns into a schema
Download the Windows Content Pack from the VMware Solution Exchange here.