Greetings everyone! We’re kicking off VMware Explore 2022 with some powerful new updates to vRealize Log Insight Cloud. As you may or may not have heard already, the vRealize Suite is being rebranded to ‘VMware Aria’, and vRealize Log Insight Cloud is being rebranded to ‘Aria Operations for Logs’. For simplicity’s sake, we’re going to still use the name ‘Log Insight Cloud’ for this blog, but further videos and publications will refer to the product by its new Aria name. So, let’s dive in!
Log Root Cause Analysis (Log RCA)
Our most exciting feature that we’re announcing in this release is Log RCA. If you’ve ever spent hours trawling through logs and events looking for the root cause of a breakage (and who in ops hasn’t?) then this feature is going to save you lots of time and frustration during your log forensics.
Log RCA will take a specified date and time given and use machine learning algorithms to sift through the millions of potential logs generated during that period and filter them down to only the relevant outliers. Log RCA will also give you a confidence score to let you know how certain the AI algorithms are that the outliers it found during the time period specified are valid to a breakage or major issue.
Once Log RCA has done its analysis, and presented you with its result, you can see which logs are relevant to you via the Log RCA results screen, and then dig deeper in the vRLIC Log Explorer to see if there are more relevant logs during the specified timeframe.
In the example below, in trying to diagnose why my web app went down, we can see that Log RCA has discovered that my database server crashed with a segfault.
We can then drill down deeper in Log Explorer and verify what Log RCA shows us, as well look for key messages around the same time (storage or host issues)
Another new feature helpful for troubleshooting, Log Compare, lets us run two queries side-by-side and see the results. This I useful to track if two separate issues could be related by comparing them side-by-side at the same time. They can also be used by DevOps teams as part of their new code push process to run multiple queries to watch the health of multiple log sources for cascading failures or breakages after a new deployment.
In the screenshot below, we are trying to correlate I/O login errors to possible datastore storage issues that happened around the same time. Since we can run the two queries together and see that these errors happened within a few seconds span of each other, we can go talk to our storage teams to see if there have been any SAN issues at the time the I/O errors occurred.
New Content Packs for Azure VMware Services and Oracle Cloud VMware Solution
Last month we released support for collecting logs from AVS. This month we have released our first iteration of content packs for both AVS and OCVS. The AVS content packs include lots of useful dashboards to see NSX firewall info, as well as error events and audit logs. The OCVS content pack contains dozens upon dozens of dashboards and queries for full stack visibility of your OCVS environment from top to bottom. There is so much new content in the content pack, it would take a full page of the blog, or more, to list it all. You’ll just have to log in, install it, and see for yourself!
Those are all our major features for August! We have a few more great features lined up for September and beyond, but for now, enjoy VMware Explore and please visit our Cloud Management booth and learn a bit more about all of the new changes and features coming to Aria Operations For Logs and the whole new Aria Suite.