Identify Noisy Log Sources in VMware Aria Operations for Logs Cloud using PowervRLICloud


VMware Aria Operations for Logs Cloud, a.k.a. vRLI Cloud, is a SaaS service that allows you to manage log data at scale. It provides deep operational visibility and intelligent analytics for troubleshooting and auditing across private, hybrid, and multi-cloud environments.

As it is a SaaS-based service, billing is based on the volume of logs ingested, so it is critical for admins to know which log sources are ingesting the most in order to avoid unexpected bills at the end of the month.

In this blog, I will show how easy it is to identify noisy log sources in vRLI Cloud using PowervRLICloud.

What is PowervRLICloud?

It is a PowerShell module that abstracts the VMware vRealize Log Insight Cloud APIs into a set of easy-to-use PowerShell functions. This tool provides a comprehensive command-line environment for managing your VMware vRealize Log Insight Cloud environment.

Getting Started

Pre-requisites

You need to have the following pre-requisites:

  1. vRealize Log Insight Cloud API Token
  2. PowerShell version 6.0 and above

Connect to vRLI Cloud

Connect-vRLI-Cloud -APIToken "APIToken"

Scenario 1 – Identify log sources using the hostname field in the last 24 hours

$queryId = Post-Query-Request -SQlQuery "SELECT COUNT(*), hostname FROM logs GROUP BY hostname ORDER BY COUNT(*) DESC LIMIT 25" -Duration 1440
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults

Note – 1440 minutes is 24 hours.

Scenario 2 – Identify log sources using the source field in the last 24 hours

$queryId = Post-Query-Request -SQlQuery "SELECT COUNT(*), source FROM logs GROUP BY source ORDER BY COUNT(*) DESC LIMIT 25" -Duration 1440
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults


Scenario 3 – Identify log sources using the event_type field in the last 24 hours

Once you have identified which log source is sending the most logs, the next step is to find out which event types it is sending. vRealize Log Insight Cloud tries to automatically detect groups of similar events based on the number of common parts the events share. The system uses machine learning to group similar events together, with each group showing the approximate number of events in the group. Grouping events helps identify the most communicative events and the quiet ones, both of which are critical for troubleshooting. For more details, refer to the documentation.

$queryId = Post-Query-Request -SQlQuery "SELECT COUNT(*), event_type FROM logs GROUP BY event_type ORDER BY COUNT(*) DESC LIMIT 25" -Duration 1440
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults

If you want more details on an event type, you can search the logs for that specific event type:

$queryId = Post-Query-Request -SQlQuery "SELECT * FROM logs where event_type=t0_1db9f1fd ORDER BY ingest_timestamp DESC" -Duration 5
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults | Select event_type,text | more
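The three scenarios above and the event-type drill-down are one procedure: run a grouped count query, read the result, then inspect the top entry. The script below wraps that procedure in two reusable functions. It is an added example, not code from the original post or from the PowervRLICloud project; it assumes only the Connect-vRLI-Cloud, Post-Query-Request and Get-QueryResponse functions exactly as used above, and it assumes (not stated in the post) that each row of logQueryResults exposes the grouped field plus a single count column, whose name it discovers rather than hard-codes. The share percentages are computed over the top-N rows returned, not over all ingestion, so treat them as a ranking aid rather than a billing figure.

```powershell
# Added example; not part of the original post or the PowervRLICloud module.
# Assumes Connect-vRLI-Cloud, Post-Query-Request and Get-QueryResponse as shown in the post.

function Get-NoisyLogSources {
    [CmdletBinding()]
    param(
        # ValidateSet keeps the field name fixed, so nothing user-supplied is spliced into the SQL.
        [ValidateSet('hostname', 'source', 'event_type')]
        [string]$Field = 'hostname',
        [int]$DurationMinutes = 1440,   # 1440 minutes = 24 hours
        [int]$Top = 25,
        [double]$AlertSharePercent = 25  # flag any single value carrying this share of the top-N total
    )

    $sql = "SELECT COUNT(*), $Field FROM logs GROUP BY $Field ORDER BY COUNT(*) DESC LIMIT $Top"
    $queryId  = Post-Query-Request -SQlQuery $sql -Duration $DurationMinutes   # parameter name as used in the post
    $response = Get-QueryResponse -QueryId $queryId
    $rows     = @($response.logQueryResults)
    if ($rows.Count -eq 0) { Write-Warning "No results for field '$Field'"; return }

    # Assumption: the count column is the one property that is not the grouped field.
    $countProp = ($rows[0].PSObject.Properties | Where-Object Name -ne $Field | Select-Object -First 1).Name
    $total     = ($rows | Measure-Object -Property $countProp -Sum).Sum

    foreach ($r in $rows) {
        $count = [long]$r.$countProp
        $share = if ($total) { [math]::Round(100 * $count / $total, 2) } else { 0 }
        [pscustomobject]@{
            Field      = $Field
            Value      = $r.$Field
            Count      = $count
            SharePct   = $share            # share of the top-N total, not of all ingestion
            OverBudget = ($share -ge $AlertSharePercent)
        }
    }
}

function Get-EventTypeSample {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$EventType,
        [int]$DurationMinutes = 5,
        [int]$Limit = 20
    )
    # event_type ids look like t0_1db9f1fd; reject anything else so the value cannot alter the query text.
    if ($EventType -notmatch '^[A-Za-z0-9_]+$') { throw "Unexpected event_type value: $EventType" }

    $sql = "SELECT * FROM logs where event_type=$EventType ORDER BY ingest_timestamp DESC LIMIT $Limit"
    $queryId  = Post-Query-Request -SQlQuery $sql -Duration $DurationMinutes
    $response = Get-QueryResponse -QueryId $queryId
    $response.logQueryResults | Select-Object event_type, text
}

# Usage: read the API token from the environment rather than embedding it in the script.
Connect-vRLI-Cloud -APIToken $env:VRLI_API_TOKEN
Get-NoisyLogSources -Field hostname | Format-Table -AutoSize
Get-NoisyLogSources -Field event_type -DurationMinutes 60 | Where-Object OverBudget |
    ForEach-Object { Get-EventTypeSample -EventType $_.Value }
```

Running the hostname, source and event_type passes in turn gives the same picture as the three scenarios, and the OverBudget flag makes it easy to schedule the script and raise an alert when one host or event type suddenly dominates ingestion.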


This is how easy it is to identify noisy log sources and avoid surprises in the bill.

Try out vRealize Log Insight Cloud

If you're not already using vRealize Log Insight Cloud, check out our free 30-day trial. To learn more about how to use Log Insight Cloud, please check out
