Log Intelligence versus Log Insight

Here it is, the blog post you have all been waiting for — Log Intelligence versus Log Insight. Well, actually it is Log Intelligence and Log Insight.The post will answer why two products with two different names. Read on to learn more!

versus

Use-Cases

The use-cases for both products are identical: troubleshooting and root cause analysis. Neither product is targeted toward the security market — often referred to as SIEM — today.

Personas

While the use-cases for both products are the same, the personas are different. The primary difference is that Log Intelligence supports a couple use-cases that Log Insight does not today. Namely:

  • VMware Cloud (VMC)
  • AWS EC2

Protocols

In terms of protocols, both products are the same in that they support:

  • Syslog
  • CFAPI (Log Insight proprietary format)

Log Intelligence does actually support any JSON structure, but today only CFAPI is mentioned.

Features

The features between the two products are similar but there are some things that Log Intelligence has that Log Insight does not and vice versa. Let’s walk through some of these:

Home Page

Log Intelligence has one and Log Insight does not. This page features a few features including:

  • Query assist over events and content
  • Recent alerts
  • Event observations

More information about the home page can be found here.

Dashboards

Both products feature Dashboards, but today Log Insight offers more sophisticated dashboards. Log Intelligence offer a single shared dashboard with immovable cards and a maximum of six cards today. Expect to see changes to this in the future.

Explore / Interactive Analytics

Both products offer a way to query over events and represent the data in different ways. Visually, both implementations look very similar, but technically there are some differences.

Some missing Log Intelligence capabilities from Log Insight today include:

  • Snapshots — has pinboard instead
  • URL Shortener (i.e. share link) — long URL works though
  • Schema Discovery
  • Event Trends
  • Table View
  • Export

Some new Log Intelligence capabilities that Log Insight does not have:

  • Alerts — both on visualization as well as under Events
  • Pinboard
  • Event Annotations
  • Query collapse

Content

Both products offer content, but today Log Intelligence only offers static content for the SDDC. Arguably, any user of Log Intelligence can create their own content like in Log Insight, however this is no way to export created content today. Log Intelligence does offer some additional pieces of content over Log Insight, namely:

  • Event annotations
  • Event observations

Again, expect to see changes to this in the future.

Other

Finally, we have the other category. In Log Insight, this would be everything found under the Administrative section. For Log Intelligence this would be everything under the Alerts and Manage sections. Given the products are deployed differently, they offer different features. Let’s cover the delta today:

  • Log Intelligence offers alerts in the UI — Log Insight does not today
  • Log Insight offers metadata tagging — Log Intelligence does not today
  • Log Insight recommends the Log Insight Agent — Log Intelligence recommends any syslog agent
  • Both support email and webhooks — Log Intelligence allows for webhook payloads to be defined within the product, but can only send them to Internet facing addresses
  • Log Insight offers vSphere and vROps integration — Log Intelligence does not, though it does offer VMC integration
  • Both offer an alert definitions page
  • Cluster options in Log Insight are not applicable to Log Intelligence

Pricing

Here you will find another difference between the products. Log Insight is charged by OSI and/or CPU while Log Intelligence is charged by GB/mo. This difference is because Log Intelligence runs on AWS and AWS charges by GB.

Summary

As you can see, the two product are very similar. So why two products with two different names? As you can see, the two products are not 100% the same so different names make sense. As to why to products, the answer is choice. If you want an on-prem solution that you manage yourself then Log Insight would be a good choice. If you want someone to manage the solution for you and would like to extend beyond the SDDC then Log Intelligence would be a good choice.

© 2018, Steve Flanders. All rights reserved.

Leave a Reply