Vmware Log Insight Installation Step By Step

[Patricia]

Inshort, vRealize Log Insight allows you to visualize and analyze event information extracted from VMware setups as well as other sources. It can handle both structured and unstructured data emanating from multiple sources. Additionally, you can use Insight to perform complex analytics, searching, real-time monitoring and more. Management is carried out using a highly customizable HTML 5 interface which, in the large part, is intuitive and easy to use.

The minimum hardware requirements for a production deployment are 8GB RAM, 4 vCPUs and 510GB of storage configured in thick provision eager zeroed mode. For Large environments, the appliance VM hardware version needs to be upgraded to version 8 to enable support for 16 vCPUS. The Sizing the vRealize Log Insight Virtual Appliance page shows you how to size your Log Insight deployment.

You can use any valid vCenter Server product key (Standard, Enterprise or Enterprise Plus) to license Log Insight. This allows you to monitor a single vCenter Server instance plus 24 other VMware resources such as ESXi hosts, VMs, etc. This is referred to as the 25 OSI (Operating System Image) pack which unlocks all the features applicable to vRealize Log Insight for vCenter Server Standard.

Before proceeding with the installation, go ahead and download a trial evaluation of Log Insight from my.vmware.com. The 60-day license key should be available on the same download page. You also need sufficient permissions to deploy an OVF template to vCenter Server.

At this point Log Insight is ready to start receiving or, as the jargon goes, ingesting data. However, we first have to configure a data source from where events are forwarded to the Log Insight server. The logical thing to do is to have vCenter Server and ESXi designated as such.

This is exactly what the Configure vSphere Integration option is there for. This configuration task can be run from the Home screen as shown in Figure C1 or from the Administration menu as shown in Figure C2.

If a session expires or you simply come back to using the Log Insight interface, all you need to do is point a browser to https:\\. Use admin and its associated password to log in, though I highly recommend dedicated user accounts set up according to their intended use.

This concludes a rather lengthy post. Hopefully, after reading this post you should be armed with sufficient knowledge to enable you to deploy vRealize Log Insight to your environments. In one or more future posts, I will try and tackle some Log Insight fundamentals such as installing Log Insight agents on Windows and Linux, how to customize dashboards, set up queries and more.

Hi thanks for your time in posting.

I find Vmware Hub from Altaro are very valuable one stop shop for information on anything Vmware related. I have vRealize Log insight installed at my work and was wondering if you would be able to send me any good links to show how to best navigate and use this tool to proactively pickup issues in our invironment.

Thanks again

Tony

Data center administrators are under tremendous pressure to deliver applications that perform better, with an infrastructure that is optimized for both performance and resiliency. These environments often generate a myriad of disparate bits of information about the infrastructure that powers an assortment of business applications and data. This data, which comes from multiple sources across the data center, and resides in the form of metrics, stateful and stateless conditions, and log events.

Fundamental questions arise when attempting to decipher this data. What does this information mean? What metrics deserve the most attention? How can intelligence into event data help drive smart choices in ongoing operations? How can this data help with strategic planning for growth? Infrastructure analytics helps answer these questions. By bridging the gap between raw metrics, and the desire for actionable steps by the administrator, Infrastructure analytics uses intelligence gathered from the infrastructure to help IT organizations achieve their goals of an optimized, efficient data center.

VMware vSAN plays a significant part in the transformation of infrastructures being dependent on proprietary hardware to a fully software defined data center (SDDC). Since vSAN provides a fully distributed storage solution that is integrated directly into vSphere, this strengthens the position of the hypervisor as the ideal control and monitoring plane for infrastructure analytics. VMware Aria Operations and VMware Aria Operations for Logs can offer a supreme level of infrastructure analytics for any vSphere environment, but especially those environments that are powered by vSAN.

This document is targeted at vSAN administrators who use VMware Aria Operations and VMware Aria Operations for Logs. It aims to provide tangible examples of operationalizing these solutions in a vSphere environment that is partially, or fully powered by vSAN. In addition to the examples provided, an assortment of operational tips, explanations, and guidance will be provided that will help an new and experienced users make the very best use of these solutions.

VMware Aria Operations and Aria Operations for Logs offer a unique level of insight and intelligence of a data center. By using sophisticated analytics engines, VMware Aria take raw metrics, and provides meaning and context an environment. It extracts the data collected by VMware vCenter, as well as many other solutions through its extensible framework. A set of APIs are used to collect this data from vCenter and vSAN, and allows for further analysis and manipulation of data that is not available in vCenter.

VMware Aria Operations and VMware Aria Operations for Logs focus on two different aspects of the data center, and can be used separately, or together. The distinctions between the purpose of each product will be provided later in this document.

VMware Aria Operations for Logs is a log aggregation, management, and analytics solution that gives the data center administrator an easy way to see context, correlation, and meaning behind otherwise obfuscated log content. VMware Aria Operations for Logs can aggregate log data from a variety of sources, and is extensible to over 40 applications using its content pack framework. When used correctly, with the right tools, log data can provide context and understanding to changing conditions in the data center.

VMware Aria Operations for Logs' streamlined integration with VMware's portfolio of solutions is immediately noticeable upon first use. As Figure 1-2 illustrates, log data is automatically collected from vCenter, analyzed, and presented in a manner that is easy to consume. Many of VMware Aria Operations for Logs' prebuilt dashboards offer unique intelligence around vCenter log data. It can be used to easily track changes in the data center without extensive knowledge by the administrator of the actual log entries.

VMware Aria Operations for Logs still uses the content pack framework from previous editions, but vSAN dashboards, as shown in Figure 1-3, are now included at the time of installation, making it easy to deploy and use in a vSAN powered environment. Out of the box, VMware Aria Operations for Logs provides the following:

VMware Aria Operations for Logs also allows for a user to easily drill into the log events and queries behind a given widget for further analysis. Figure 1-4 illustrates the "Interactive Analytics" view of the "Object Component State - Resyncing" widget found in the vSAN "Object Events" dashboard. Interactive Analytics are available from the home page of VMware Aria Operations for Logs, or within each widget.

While many associate VMware Aria Operations for Logs core competency as the ability to detect and find logged errors and failures, this overlooks one of its most valuable capabilities: Viewing non-error event data to provide a clear understanding of activities by the system. This provides a comprehensive understanding into a health operating data center, and is why many of the dashboards are focused on non-error event data.

RECOMMENDATION: Use the Interactive Analytics within a widget. By clicking on the "open in Interactive Analytics" icon in the upper right of a selected widget, this will jump to the Interactive analytics view, but do so using the query used by the widget being viewed. This can also be a helpful way to understand how queries are built in VMware Aria Operations for Logs.

VMware vSAN generates a high volume of log data. This log data is saved in a binary, compressed format to /var/log/vsantraces on each ESXi host in a vSAN cluster, and is comprised of two types of data.

When redirecting vSAN trace-level messages to a syslog server , urgent traces will continue to be written to the host. Urgent traces are simultaneously decompressed, and converted from binary to human readable format as they are forwarded to a syslog server. Acting as a syslog collector, VMware Aria Operations for Logs will ingest vSAN urgent traces, and make them available for prebuilt, or custom dashboards and widgets. The installation of it in an environment will automatically configure the vSAN hosts to send vSAN urgent traces to VMware Aria Operations for Logs.

VMware Aria Operations for Logs is primarily focused on collecting logs from vCenter, and other sources through it's "content pack" framework. ESXi host crash dumps and other host logs are NOT collected by Aria Operations for Logs. Furthermore, due to the intensity of writes of log data, hosts that use a USB/SD device as an ESXi boot device are not used in the same way if booting ESXi from a traditional storage device. Booting ESXi from a traditional storage device (SSD, HDD, SATADOM) offers much more flexibility than from USB/SD , and may be a design consideration to reevaluate in both vSAN, and non-vSAN clusters.

The Host state information dashboard, as seen in Figure 1-5, is a good overview of how vSAN treats host membership and roles. Its primary focus will be around activities of the host itself, such as additions or changes in host membership to a vSAN cluster.

3a8082e126