Log Insight and vRealize Operations Manager have always featured integration. Over time, the integration has become tighter and tighter. With Log Insight 3.6 and vRealize Operations Manager 6.3, the integration has become even better. Read on to learn more!
Background
One of the first integrations between Log Insight and vROps was via alerts. The idea was simple: vROps already has a rich alert management system and Log Insight supports sending alerts so why not have Log Insight send alerts to vROps? To do this, vROps notification events were leveraged. The net result was that you could get the alert name sent to vROps enriching your existing, structured metric data with your unstructured log data.
While this integration was helpful, it suffered from two significant limitations:
- Only the name of the alert was sent over — the description, actual event results, and links back to Log Insight were missing. This meant you were forced to context switch between two products in order to perform troubleshooting and root cause analysis.
- Log Insight alerts sent to vROps required manually clearing — by default, vROps alerts automatically clear in 10 minutes. Log Insight alerts did not automatically clear. This meant you could accumulate stale alerts in vROps and had to perform manual cleanup, which was not necessary for most other types of alerts.
Well, I am happy to announce that both of these issues are fixed in Log Insight 3.6 and vROps 6.3!
IMPORTANT: You need to upgrade BOTH Log Insight and vROps for the enhancements to work.
Let’s walk through each enhancement.
Alert Contents
Now, when you go to the Alerts page of vROps you will see Log Insight events shown like:
The only difference is the alert name format has changed from:
Notification event – <Log Insight alert name>
To:
Notification event – “Log Insight: <Log Insight alert name>”
When you select the alert, you will see details similar to:
You will notice two differences on the alert details page:
- Notes as well as a recommendation can be shown for Log Insight alerts (screenshot above only shows notes)
- Notes are the same as the notes defined in the Log Insight alert through the UI
- Recommendation is only exposed to content pack authors as of Log Insight 3.6
- The notification event can be expanded
When you expand the event, you will see something similar to:
Look at all that detail! If you are familiar with Log Insight email alerts then the format should look remarkably similar.
Note: Log Insight email alerts are generic while vROps alerts are object based. The alert results sent to vROps are generic and NOT object based. This means that object based alerting WILL work from Log Insight to vROps, BUT the results in the alert details may NOT be object specific. As a concrete example, take a look at the screenshot above. The alert is for esx03.sflanders.net, however if you look at the results, the last one is from esx04.sflanders.net. This means you will have an alert for both esx03.sflanders.net and esx04.sflanders.net in vROps — this is confirmed with the first screenshot above — and each may have results from the other.
Alert Auto Clear
In addition, when you create alerts in Log Insight to vROps, you now have the option to configure the alert to auto clear. This option is disabled by default to ensure there is no behavior change from previous versions of Log Insight. If you check the checkbox then the alert will be automatically cleared in 10 minutes.
© 2016, Steve Flanders. All rights reserved.