vRLI Cloud’s August release had the following features. In this blog, I will try to share details about them:
- Log Root Cause Analysis (RCA)
- Log Compare
- AVS Content Pack
- OCVS Content Pack
- New Content Pack UI with Improved User Experience
- New Log Sources UI with Improved User Experience
- Log Forwarding in RAW Format over TCP/UDP
- VMware Cloud Disaster Recovery (VCDR) Log Support
- Handle Conflicting Fields
Log RCA (Root Cause Analysis)
It helps you investigate and troubleshoot incidents for a potential root cause in an environment.
You can create an investigation by specifying the time range when you think the issue happened. The good part is that the UI allows you to control the sensitivity.
I feel the Log RCA is a game changer in the world of logs as it leverages AI & ML technologies to reduce the turnaround time when troubleshooting an issue and bring back the normalcy of the Application / Infrastructure.
A couple of things to note:
- The log RCA service needs a few minutes to process logs, and a longer time to produce meaningful results. The accuracy of log RCA increases with the amount of time the service runs.
- You cannot run an RCA for an issue that occurred before you activated the log RCA feature.
For more details, you can refer to the documentation.
Log Compare
It helps detect anomalies in logs across time or across log sources. This helps you determine what was different right before a release or a failure as compared to the previous day or previous week. You can run an analysis that helps you troubleshoot and discover root causes.
In the example below, I am checking firewall logs for my Application to compare what traffic was allowed, to identify a user complaining that they are not able to access the Application.
New Content Packs for AVS & OCVS SDDC
In the July release, vRLI Cloud added support for AVS & OCVS SDDC. If you haven’t seen my blogs, you can refer to them:
Forward OCVS SDDC logs to vRealize Log Insight Cloud
In this release, the content packs have been released. A content pack is a collection of the following objects that are relevant for a set of product/application logs:
- Extracted fields
You can refer to my blog for Content Packs 101.
New Content Pack & Log Sources UI with Improved User Experience
The UI has been completely revamped, making it easier to navigate supported log sources and installed content packs. For content packs, you can easily export a content pack for source code management or customize it for your environment.
Log Forwarding in RAW Format over TCP/UDP
Previously, the only supported format for TCP & UDP Syslog endpoints was JSON. However, there were a couple of customer requests for the default RAW format. Admins can now select the log format when setting up log forwarding.
VMware Cloud Disaster Recovery (VCDR) Log Support
Forward VCDR event logs to vRealize Log Insight Cloud and analyze event logs related to protection, recoverability, and user interactions. You can forward VCDR logs within a specific time range in the past, from a time starting in the past to the present, from a time in the past going forward, or from the present moving forward.
Handle Conflicting Fields
There are certain fields like “id”, “timestamp”, “log_timestamp”, and “_version_” that vRealize Log Insight Cloud uses for internal processing. If such fields are detected during log ingestion, they conflict with the internal fields, resulting in some of the logs being dropped. To prevent this issue, logs with such fields are now appended with “_message_payload”.
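An added example, not part of the original post or VMware's code: a pre-ingestion audit that reports which log sources emit the reserved field names listed above, so saved queries and alerts on those fields can be pointed at the suffixed names. It assumes flat JSON events with a hypothetical `source` field, top-level case-sensitive matching, and that the suffix is applied to the field name.

```python
import json
from collections import defaultdict

# Reserved names and suffix exactly as listed in the post.
RESERVED = ("id", "timestamp", "log_timestamp", "_version_")
SUFFIX = "_message_payload"

def suffixed(event):
    """Copy of the event with reserved top-level keys renamed (assumed behaviour)."""
    return {(k + SUFFIX if k in RESERVED else k): v for k, v in event.items()}

def audit(lines):
    """Map each source to the reserved field names it emits; count unparseable lines."""
    conflicts, bad = defaultdict(set), 0
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        if not isinstance(event, dict):
            bad += 1
            continue
        hits = {k for k in event if k in RESERVED}
        if hits:
            # "source" is a hypothetical field naming the sender.
            conflicts[event.get("source", "unknown")] |= hits
    return {src: sorted(names) for src, names in conflicts.items()}, bad

# Constructed sample events (not real product output).
SAMPLE = [
    '{"source": "fw01", "id": 4312, "action": "ALLOW", "text": "conn accepted"}',
    '{"source": "app01", "timestamp": "2022-08-01T10:00:00Z", "_version_": 3, "text": "login ok"}',
    '{"source": "app02", "level": "info", "text": "healthcheck"}',
    'not json at all',
]

if __name__ == "__main__":
    report, bad = audit(SAMPLE)
    for src, names in sorted(report.items()):
        print(f"{src}: queries on {names} should use {[n + SUFFIX for n in names]}")
    print(f"unparseable lines: {bad}")
```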
Try out vRealize Log Insight Cloud
If you’re not already using vRealize Log Insight Cloud, check out our free 30-day trial. To learn more about how to use Log Insight Cloud, please check out