Today I’m very excited to share with you some of the new features we recently introduced with VMware vRealize Log Insight Cloud dashboards. For the uninitiated, vRealize Log Insight Cloud is VMware’s log aggregation and analytics service. vRealize Log Insight Cloud provides deep analytics capabilities for private and public clouds such as VMware Cloud on AWS and AWS services.
In the world of log analysis, dashboards give us a good visual understanding of log messages. Instead of manually sifting through thousands of logs looking for issues, Log Insight Cloud can show you how many of those log messages contain the word error, or which users are trying to authenticate to your applications and servers. Or, perhaps, more importantly, are there a high number of failed login attempts indicating a potential security issue? Being able to visualize your log data can be critical and combining multiple visualizations into dashboards gives you immediate access to the most important information. Log Insight Cloud’s content packs are a great source for pre-made application-specific dashboards, but you can also create your own Log Insight Cloud dashboards based on custom queries easily from the log explorer.
If you’re not familiar with vRealize Log Insight Cloud dashboards, then check out the documentation here.
Widgets and Widget Options
Visualization can take many forms based on what types of log data you’re looking at, and vRealize Log Insight Cloud includes nine different widget types that can be fully customized. For example, if you want to see who is logging in to a server, a pie or line chart may work but these can be limited in what data is shown. However, a bubble chart will show you who logged in, how many times they logged in, and what IP they logged in from. It’s all about choice, and vRealize Log Insight Cloud gives you a lot!
If you’ve used vRealize Log Insight Cloud before, then you’re probably familiar with these so let’s get to what’s new in Log Insight Cloud dashboards. Instead of bullet points highlighting each addition, let’s walk through a few scenarios that can leverage these new features.
Let’s look at firewalls for example. With NSX-T logs we can see what traffic is flowing through our firewall rules for VMware Cloud on AWS or our on-premises environment. These logs can show us the outside IP, the internal IP it’s trying to reach, when it tried to connect, and whether the firewall allowed the traffic through or rejected it. There’s a lot of useful information in one log message. To visualize this, we can create a dashboard using a few different widgets. First, how many connections are being passed vs rejected by our firewalls? A pie chart or a bar graph would be perfect for this. The pie chart can be configured as a donut graph if you prefer and the bar graph can use logarithmic scaling on the vertical axis. This gives us a more compressed view of the data especially if the values are wildly disparate. For this example, let’s use a bar graph with logarithmic scaling enabled because the number of connections passed through the firewall should vastly outweigh the number of rejected connections.
Now, let’s create two more widgets to show source and destination IP’s. This shows us which services are being accessed and the source IP’s accessing them. We can simply add new widgets based on saved queries such as “NSX-T Top Firewall Destinations” and “NSX-T Top Firewall Sources.” Again, we could use a pie or donut chart, but I’d prefer the table widget because there are likely to be a lot of IP addresses and things could start to look crowded with a pie chart.
That covers three out of the four questions we want to answer. What about time? With vRealize Log Insight Cloud, we can overlay multiple pieces of data. For example, we can create an area or line graph which shows how many connections were passed and how many were rejected over time with each action having its own line on the graph. We can configure our query and add it to the dashboard with just a few clicks.
That was easy! But I’m not satisfied with this layout. I’d prefer to see our two tables side by side. That’s also simple! Just edit the dashboard and drag the widgets around.
While we’re here we can also change the settings of the line graph. We can change the color and disable smoothing for greater resolution.
Log types and trends
In addition to all the great visualizations, we can also include log types and log trends in our Log Insight Cloud dashboards. Log types leverage Log Insight Cloud’s powerful machine learning to group similar log messages together. This helps us to quickly understand what’s happening without having to go line by line through each log message as we can see how many of each type of log message was found for our query. Log trends show us whether we’re seeing more, less, or the same number of logs for each log type. Are Fibre Channel connection issues on the rise? Perhaps we need to investigate! As you can see, by including these in our dashboards, we can provide context to our widgets without having to go back and forth between our dashboards and the log explorer.
For example, let’s create a dashboard that simply shows us logs containing the word error.
Now, if we want to add logs to this dashboard, we can go to the log explorer, click “add to dashboard,” and then select “event type” as our new widget.
As you can see, we now have all the log messages grouped by similar log types and displayed on our dashboard. While the number of events may seem a bit alarming for such a small environment, looking through the event types I don’t see anything of real concern. You can see how this helps to provide context to the visualizations. To finish this dashboard, we can go back to the log explorer and add the “event trend” widget type.
At the bottom of our dashboard, you can see the event trends. This shows our logs grouped by event types and on the left-hand side. We can see how they’re trending compared to the previous 50 minutes. A plus sign means this is a new event type, while the up arrow shows that Log Insight Cloud is seeing more of these event types. There’s also an equal sign which means Log Insight Cloud is not seeing any more or any less of this log type. And if you see red arrows, this means we’re seeing less of this log type. You can see if we were investigating a spike in error messages how this can help us quickly get to the root cause.
Conclusion
The latest update for vRealize Log Insight Cloud introduces some great new dashboard features. Being able to customize your dashboard layouts and widgets, and even including logs in your dashboards provides you immediate access to your most important information. I hope you found this blog useful and are now just as excited to play around with the new dashboard capabilities of vRealize Log Insight Cloud as I am! For more information and to get your hands on a free 30-day trial of vRealize Log Insight Cloud visit the product page!
