VMware vCenter Log Insight – Make your logs make sense!
Today VMware has introduced the world to VMware vCenter Log Insight, labeling it as a "new automated log management and analytics product for the cloud era". In my opinion this is a great next step for VMware's management portfolio and, if integrated correctly, could really complement the analytics and performance data crunched by VMware vCenter Operations.
More than just syslog?
From what I have seen, YES! Although the underlying technology utilizes syslog collectors/receivers to receive the data, the visualizations and dashboards by which that data is presented to the end user are really where the value resides. On average an ESXi host will dump roughly 250MB of data per day. That's 250MB of data that you, the end user, will need to parse and correlate line by line to try and make some sense out of it. I know I only understand about 25% (if that) of what is spit out in some of those logs. vCenter Log Insight takes this data and, with what they call 'content packs', presents the user with a bunch of predefined dashboards of some of the most relevant data that you may be looking for, along with common links to KB articles if any.
Easy transition from monitoring to troubleshooting
Hopefully we have all seen the power of vCenter Operations: how it correlates and analyzes all that data to really help us drill down and find out where any current (or future) problems exist. If the issues are not evident, or if we are still unsure of what the problem is, the next viable step would be to jump into our logs to see what information we can find there. With integration between vCOPs and vCenter Log Insight, hopefully this will make that transition from our monitoring solutions into our log analysis solutions a whole lot easier. Again, saving us time and helping us discover root causes that much quicker.
Even more for advanced users
For those that love to look at the raw log data (huh?!?!?!) you can do that as well. A search-type functionality, similar to that of Splunk, is also available. Use this to parse and filter through all of the logs that vCenter Log Insight collects. The main difference here is there is no need to learn any new "languages" to drill around in and query your data. VMware seems to have really made a big effort to keep this product simple and easy to use, but powerful and extendable at the same time. Also, the ability to generate alerts and send email notifications on a custom query is a very nice piece of functionality to have.
More than just ESXi and vCenter
As mentioned above, visualizations and presentations are provided by content packs. These are easily exported and imported to and from vCenter Log Insight, in turn allowing third parties (including YOU) to easily develop, distribute and share them. So, hopefully, in time, we will see more than just ESXi and vCenter logs getting pumped into this. On that note, we will probably see more than just VMware products being analyzed. In my opinion the community will really need to take the lead on this one, and looking at the VMware community's past performance, I'm sure they will!
So VMware says to expect to see some sort of GA in Q3 of this year; I'll let you guess the timeframe! I hope to get a few more posts out about vCenter Log Insight as I delve more into the product, but for now you can find some here, here and here. Have a look for yourself and let me know what you think!