Log Insight Query API: Use Cases, Basics, Caveats, and Best Practices

In my last post, I covered the new query API available in Log Insight 3.3. If you read the post then you can see there is a lot of information and while some examples were provided, it may not be easy to understand the basics of the API. In this post, I would like to focus on the basics as well as use cases, caveats, and best practices. Read on to learn more!

li-logo

Continue reading

Log Insight: Ingestion API versus Syslog Protocol Part 2/2

In my last post, I talked about the differences between how events are displayed over the syslog protocol, which has a strict format structure, and the ingestion API, which sends events as-is. In this post, I would like to talk about the differences between using the syslog protocol versus the ingestion API when it comes to the Log Insight agent and the Log Insight forwarder.

not_equal_to_u2260_icon_256x256

Continue reading

Log Insight: Ingestion API versus Syslog Protocol Part 1/2

As you know, Log Insight introduced an ingestion API with the 2.0 release. This ingestion API can be used by anyone, but is leveraged by default by the Log Insight agent available for Windows as of 2.0 and Linux as of 2.5. The ingestion API is powerful because it provides functionality beyond what the syslog RFC defines, but it is important to note that events received over each protocol may look different. Read on to learn more.

not_equal_to_u2260_icon_256x256

Continue reading