This post is aimed towards anyone who does a lot of Log Analysis. In this post I showcased the capabilities of VMware vRealize Log Insight. This will enable you to confidently utilise this tool to not only analyse the diverse logs that you can think of but also visualise the patterns and much more. So, if you are a hands on person who loves to do root cause analysis, or want to solve that nagging performance issue, then this post is for you.
To troubleshoot software related issues your only friend are logs. Every software developer some or other logging mechanism so that later on you can troubleshoot any issue. If something crashes you go ahead and look into the logs to find out what went wrong. But log analysis is not only limited to crashing of software. If there is any performance issue, you analyse the logs. Some security breach happens, you audit the logs for any clue. So every organisation has some ways to store logs from different sources. Traditionally a syslog server was utilised for this purpose.
In the initial days when number of servers were less, it was easy to maintain and manage the logs. But as virtualisation became popular, there was an explosion of virtual machines. Organisations runs thousands of virtual machines, but number of people managing those servers has not increased accordingly. This is because virtualisation increases efficiency and admin to server ratio has increased dramatically. This increase of virtual servers has also led to tremendous increase in logs. So now maintaining and auditing those logs is a nightmare. This is where log management & analyser tools help.
Why vRealize Log Insight?
VMware vRealize Log Insight is one of the best if not the best tools available to manage and analyse any type of log. Underlying it runs a syslog server, so that anything which can send log to a syslog server can forward logs to this tool. But on top of that unstructured data, it runs it's intelligent engine to analyse that data and bring structure to it. It uses machine learning to understand the pattern and gives a stunning visual representation to that data.
Typically in traditional environment if I had to analyse logs for root cause analysis, I would find error in a log file, then note the timestamp and then find in other log files what was happening at that time. In Log Insight, since the pattern is understood by the intelligent logic, I can query the logs for particular patterns. It's like querying a database for some information.
Use cases of vRealize Log Insight:
Provided below are the typical use cases for vRealize Log Insight:
- Troubleshooting & Root Cause Analysis
- Follow the trail from vRealize Operations Manager to logs to get to root cause to an observed problem
- Identify the needle in the haystack in real time when troubleshooting a problem
- Monitor metrics and events (performance & change) that are visible only in logs
- Identify problems proactively, ensure SLAs and comply to IT policies
- Unstructured Data Warehouse
- Collect all the data in one place without the need for custom parsing, transformation of data
- Get full visibility across all your IT environment from a single place
Given below is the list of the topics covered in the session:
- Why vRealize Log Insight
- Integration & Extensibility
- Machine Learning
- Playing with API
As always live demo is provided throughout the session to showcase the information provided in the slides.
vRealize Log Insight comes pre-bundled with all the versions of vRealize Suite. It is an amazing tool which can make your life much easier. So if you are not actively using it, I hope this session will enable and encourage you to start using it. For more details please check the official VMware site and product documentation.
As always I welcome your feedbacks. Please do share them so that I am fine tune my further sessions.