The June release of vRealize Log Insight Cloud introduces Live Tail (Beta) and adds additional content pack dashboards and queries for AWS and Azure.
Live Tail streams logs as they are ingested into the platform thus allowing you to troubleshoot or audit logs real-time. You can switch between Live Tail and Explore Logs depending on the time range you are troubleshooting or auditing.
Troubleshooting with Live Tail
Usually, you would filter on a hostname or the source of the logs you want to review, but in some cases, you may want to refine your search. I am trying to find the source of unusual traffic on one of our internal web servers. The website is only used for demos, but there is an unusual spike in traffic. Using Live Tail I can see what IP is actively connecting to the server. By adding the remote host field to the stream, I can see that the traffic is all coming from the same IP.
Step 1 – Add the keywords to search for, in this case, I’m using the website name. The keywords are then highlighted in the live tail feed.
Step 2 – Add the log_type for the issue I’m troubleshooting, in this case, Apache.
Step 3 – Add a filter to ensure I’m only getting logs where the remote_host field is present in the log message.
Step 4 – Add the field remote_host as a column so I can see this detail in the live stream without expanding the message. (Details on adding fields below)
Using Live Tail
Navigate to Live Tail from Explore Logs, or use the Live Tail option on the left navigation bar.
Tail Logs Using a Favorite Query
Select a favorite query if you already have one defined, otherwise create a new query based on the data you want to stream.
Filter Using Fields
You can filter on the hostname or any number of fields.
Search by Keywords
Easily view the keyword location in the log message. This is especially useful for cloud logs which can be quite long.
Pause or Resume the Live Stream
As logs scroll by, you can stop the live tail to review log messages of interest more closely. Expand the log message to view the learned fields and resume by selecting Start Live Tail as needed.
Add or Remove Columns for Easier Review
Select specific fields of interest and add them as a column to aid in troubleshooting.
Configure Role-Based Access Control
With Live Tail, you no longer need to give administrators access to a console to review log messages in real-time. You can create a custom role and simply grant them access to specific features and further filter access to features using data sets.
Updated Content for AWS and Azure
In the June release, we’ve also added additional Dashboards and Queries for AWS and Azure applications.
Here we’re looking at the EventBridge Overview Dashboard.
I can filter through all the dashboards available for EventBridge from the Dashboard navigation.
Stay tuned for more new features coming soon! If you’re not already using vRealize Log Insight Cloud, check it out with our free 30 day trial. To learn more about how to use Log Insight, please check out VMware Pathfinder.