Log insight 3.3 customer presentation

Editor's Notes

• #4: Log Management is just a small part of effectively managing your SDDC. Combining it with performance and capacity management, superior IT automation and cost visibility are key to VMware's management strategy.
• #5: “Worldwide Cloud Systems Management Software 2013 Vendor Shares”, Mary Johnston Turner, IDC #249131, June 2014. “Worldwide Datacenter Automation Software 2013 Vendor Shares”, Mary Johnston Turner, IDC #248783, May 2014. “Market Guide for Cloud Management Platforms From Large Software and Emerging Vendors”, Ronni J. Colville, Donna Scott, Milind Govekar, Gartner G00247836, April 2014. “Cloud Management and Automation: Delivering the Enterprise Cloud Console”, 451 Research: Cloudscape, November 2013. “Vendor Landscape: Cloud Management Platforms”, Info-Tech Research Group, March 2014.
• #7: The Basics Centralized log management for your entire stack Search & analyze log data for real-time troubleshooting Anyone in the organization can access log data without compromising production systems Best for VMware by VMware Optimized for vSphere logs, vSphere analytics are built in Automatic ESXi configuration for collection Integration with vRealize Operations Very easy to deploy, intuitive to use Simple & predictable pricing model Log Insight can digest any type of log data. Users do not need to think about it, they can just send their data to Log Insight. Automatically identifies structures in the data and create a high performance index for performing analytics Unlike databases there is no need to engage DB admins to Extract Transform and Load (ETL) the data…Just send it over It scales up and down very well. It can ingest TBs of data per node per day. It is much faster and much more efficient than the competition It has a configurable retention policy, i.e. you attach 500GB storage and if it runs out of space it rotates the old data out. Optionally they can be written to an archive, making it virtually maintenance free It ships with out of the box knowledge of vSphere and many other logs in the form of a Content Pack, a collection of queries, alerts, dashboards and fields. A vast library of VMware and 3rd party Content Packs are also available.
• #8: VMware offers a comprehensive operations management solution for the cloud era. vRealize Operations Management Suite is a highly automated and integrated analytics platform and operations console that provides visibility into the health of your infrastructure and applications across hybrid clouds and heterogeneous environments. There are three key areas of focus for VMware’s approach to simplify and automate Operations Management. The first is Intelligent Operations, using patented analytics to provide better visibility into datacenter operations. vRealize Operations analyzes millions of metrics from vSphere and existing monitoring tools to learn the behavior of your infrastructure. It then sets dynamic thresholds that trigger smart alerts so you can proactively address building performance problems. The second area is Policy-based Automation, leveraging policies and thresholds to trigger orchestration workflows across a white variety of tasks, rather than manual intervention to kick off a script. These automated tasks include incident and problem remediation, policy enforcement for continuous compliance, and capacity analysis and planning to improve resource utilization. The third area is Unified Management, providing operations team with a unified view of what's happening in their highly virtualized and cloud environments. vRealize Operations delivers this unified view in three ways: first, through converged infrastructure management of network, storage and compute; second, through integration of the key disciplines of performance, capacity and configuration management; and third, through a consistent management approach across virtual, physical and private/public cloud domains. As shown here, customers are reaping the benefits of this approach.
• #9: vRealize Log Insight for vCenter is a version of Log Insight that is limited to VMware Content Packs only (listed below). Customers that own vCenter Server get free 25-OSI pack for each vCenter license they own/purchase. This allows them to collect logs from vCenter, ESX/I and any other supported sources (up to 25 total OSI) from their vSphere environment Example vCenter logs: vpxd, profiler, alert, performance, agent, inventory, dump, endpoint, syslog, SSO, Web Client, etc. An OSI is essentially a Log stream Example scenario: Customer owns 2 vCenter Licenses and manage 10 hosts, 200 VMs Customer has 5 ESXi hosts per vCenter OSI License breakdown: **They’re existing vCenter license will be used to activate Log Insight for vCenter – Any additional OSI license needs will require a new LI key, which will include the original 25 plus whatever else they purchase. They’re entitled to 2 25-pack OSI licenses, in order to use both they must deploy 2 LI instances (1 25-pack license per LI) 1 can be used per vCenter (2 used) 1 can be used per ESXi host (10 used) 38 remain for VMs, network devices, other VMware management components like vRealize Automation, NSX, storage devices, etc. Customers can purchase additional licenses by 25 OSI packs or by CPU Available VMware Content Packs 01/2016: - Virtual SAN - vRealize Automation 6.1+ - vCenter Operations Manager - vRealize Operations Manager - vCloud Director - NSX - vCNS - Horizon View - vSphere - vCloud Automation Center (vCAC)
• #10: There are roughly 40 content packs available for additional VMware and 3rd party solutions. Each come with their own set of built-in queries, dashboards and alerts specific to that solution and are extremely simple to add.
• #11: On the fly dashboard creation based on search criteria. Create custom dashboards that align with your needs and saved for re-use .
• #14: It can digest any type of log data. The users don’t need to think about it, they can just send their data to Log Insight. Log Insight automatically identified structures in the data and create a high performance index for performing analytics Unlike databases there is no need to engage db admins to Extract Transform and Load (ETL) the data. Just send it over It scales up and down very well. It can ingest TBs of data per node per day. It is much faster and much more efficient than the competition It has a configurable retention policy, i.e. you attach 500GB storage and if it runs out of space it rotates the old data out. Optionally they can be written to an archive, making it virtually maintenance free It ships with out of the box knowledge of vSphere logs in the form of a Content Pack, a collection of queries, alerts, dashboards and fields. We are also working with partners to include more Content Packs (e.g. for storage, applications, network devices) as well as more Vmware producst (Nicira/Networking, View, etc.)
• #15: Proactive Analytics (Machine Learning) Automatic log consolidation - groups similar messages together with no runtime overhead (reverse engineer where each log message comes from in the code) Example: 1000 messages match a query but reports back that there are only 5 message types (in the 1000 matches) Schema discovery (Automatically understand the message structure) Automatic field extraction - discover fields in logs including their data types
• #16: Easy and Flexible Easy to create Content Packs Dashboard widget without links Simple to create a limited set of Visualizations and Dashboards Content Packs Authoring Improvements Dynamic Filtering in Content Packs Enables Content Pack authors to provide templates (e.g. filter by ticket id) Widget Linking From a dashboard widget to a related dashboard page for guided troubleshooting Automatically discovers possible links
• #17: Log Insight effectively translates cryptic and unstructured log details into meaningful, searchable results.
• #19: Integration with vRealize Operations Manager means we’ve provided 2-way launch in context from each UI. For example, if you see an alert in vR Ops and it’s coming from a log entry you have the ability to launch the Log Insight UI and it will automatically render the specific log entries in that UI for further investigation.
• #21: This customer profile is also available in a video - http://www.vmware.com/products/vrealize-operations-insight/#3886219553001
• #22: VMware IT uses Log Insight. These are some metrics that speak to the scale of the solution and how impossible it would be to manage this type of log volume without automation.
• #25: Detect transactions: The ability to automatically identify a series of events that lead to a failure. Detecting anomalous sources and events: Ability to find hosts that send offending messages. Creating fingerprints: Giving the ability to users to define a set of events that lead to failures. They would be able to share this ‘fingerprint’ with other groups to detect such a pattern in other systems.
• #26: vRealize Log Insight, also part of vRealize Suite STD/ADV/ENT, introduced several new features in 3.3. Some of the features are backend and some operational, meaning some features like license support will be invisible to users, while some of the agent features and upgrade capabilities will drastically benefit customers. Federal and other IPv6 customers will benefit from the added support for pure IPv6. Usability and UI improvements will help new and existing Log Insight customers alike. The following is a list of features *projected* to ship with v3.3 – some may have slipped so please double check the product documentation: Additional agent-side parsers for LTSV and Syslog (potentially even JSON and RegEx) provide the ability to further parse events on the client side, which allows us to only send in pre-indexed content and provides greater efficiency. Web Hooks – Ability to send alerts to Socialcast, Slack or any other IM or app that supports web hooks, providing additional alerting extensibility Simple Query API. Support for simple keyword search, filters – “I.e., all events that contain host name SrvEast*”, regular expressions, math equations, grouping, search by, etc. Allows customers to run complex queries, integrate with CMDBs, perform their own UI analysis, etc. Support for pure IPV6 environment – both server and agent – pure ipv6 only. Especially benefits Federal customers. (This could be considered ‘Tech Preview’ initially.) Agent configuration builder – we can now build an Agent configuration using a UI with error handling and corrective syntax examples, etc. UI Improvements: Screen real estate feature – allows you to hide chart visualizations at the top of the Interactive Analytics screen Added a hover over capability to expand dashboard legend details Added Tables field to Events, which gives a different perspective of data – example: Failed logins can now be tallied and viewed per host Multi VIP (Virtual IP) and Tag – Integrated Load Balancer – Supports single VIP per cluster. Users can now define more than 1 VIP for each cluster and can tag these VIPs and add meta-data (I.e., Datacenter = Boston) Support for ‘CopyTruncate’ xNIX CMD – Used to manage agent log files on the agent side after they are sent to LI server Hybrid Licenses support for inclusion in vCenter 25 OSI vSphere Content Pack update – mainly bug fixes