Log Insight 3.0 UI: Snapshots

This week, I would like to talk about the new UI features in Log Insight 3.0 and specifically the ones applicable to all users — not just admin users. First up, I would like to show off the new snapshot feature. Read on to learn more!
li-logo

Background

The Interactive Analytics (IA) page is where you can do deep troubleshooting and analysis of your log events in Log Insight. This page provides a lot of capabilities including:

  • Search: Text, glob and regex
  • Aggregation: Count, unique count, and mathematical functions
  • Groupings: Over time and any available fields
  • Alerts: With thresholding, notes and the ability to send to multiple destinations
  • Sharing: Export and URL
  • Favorites: Text-based search saving

In Log Insight 3.0, the IA page layout has changed slightly:
li-30-ia
As you can see, the changes are near the top of the screen and the one new addition is the Snapshot button in the upper right-hand corner. So what does this button do?

Snapshot

Well as mentioned above, IA supports favorites in the form of text-based search saving:
li-30-text-favorites
Snapshots are similar to favorites, but are visual. Not only are they visual in depiction, they are also visually displayed on the bottom part of the screen:
li-30-snapshots
By default, the snapshot is saved with a name based on the timestamp the snapshot was taken. The name can be changed just by selecting it:
li-30-snapshot-rename
The bottom navigation supports infinite snapshots and you can drag and drop them to change the order:
li-30-snapshot-move2
You also have the option to hide the bottom navigation:
li-30-snapshot-hide
Finally, it is important to note that snapshots are saved on a per-user basis.

Use-Cases

So why would you want to use snapshots? Here are a few use-cases:

  1. Favorites: Maybe you run the same queries frequently and every time you log into your Log Insight instance you want a quick way to run the queries you care about. Of course you could use the Dashboards page for this, but then to drill down or see complete message results you would need to context-switch to IA. With snapshots you can do this all from the IA page. Visual favorites can also be easier to decipher between then text favorites.
  2. Troubleshooting/History: Well, think about a troubleshooting workflow where you construct a query and want to save it for later (i.e. snapshot). Then you want to further drill-down and save another query (i.e. snapshot). Perhaps you then want to construct a brand new query and save it for later (i.e. snapshot). This cycle could continue as much as needed. In the process of constructing queries you may learn something new and need to refer back to a previous saved query — simply select the snapshot and your previous query is returned. Every snapshot can provide an active history of previous queries.
  3. Content Pack authors: Let’s say you are working on a content pack. You can use snapshots to save the different queries you come up with. When you are done, you can save the snapshots you have created to a dashboard:
    li-30-snapshot-save

Summary

As you can see, snapshots are a powerful addition to the IA page. For many, this new feature can eliminate the need to frequent the Dashboards page. Remember that snapshots are saved per-user today. Have you tried out the new snapshot feature yet? What do you think?

© 2015, Steve Flanders. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top