Log Insight collects and analyzes all types of machine-generated log data. Log Insight handles ingestion of data from either the syslog protocol or the Log Insight Ingestion API.

Send any type of text-based data using these two methods, including unstructured text, JSON, XML, and more. For more information about the Log Insight Ingestion API, see the VMware vCenter Log Insight Developer's Guide.Log Insight does not pull data from devices. Instead, you configure devices to forward events to Log Insight.

Log Insight can connect to everything in your environment, including operating systems, vCenter Servers, ESXi hosts, storage, firewalls, and network devices for enterprise-wide visibility through log analytics.

In a clustered Log Insight deployment, you configure one master node and up to five worker nodes. To handle data ingestion high availability over syslog and the Log Insight Ingestion API, you must utilize an external load balancer in front of the cluster. In addition, you must deploy the cluster in an N+1 configuration to handle node failures. With this configuration, if any node goes down, the load balancer can redirect traffic to the remaining nodes. If the master node goes down, queries are unavailable until the master is back online. You can direct web traffic directly to the master node or send it to the load balancer as long as you configure the load balancer to forward web ports only to the master.