VMware vRealize Log Insight 3.0 Release Notes
vRealize Log Insight 3.0 GA (Build 3021606)
Last Document Update: 20 March 2017
Check frequently for additions and updates to these release notes.
These release notes include the following topics:
Introduction to vRealize Log Insight 3.0
VMware vRealize Log Insight 3.0 delivers the best real-time log management for VMware environments. Machine learning-based Intelligent Grouping and high performance search enables faster troubleshooting across physical, virtual, and cloud environments. vRealize Log Insight can analyze terabytes of logs, discover structure in unstructured data, and deliver enterprise-wide visibility using a modern Web interface.
What's New in vRealize Log Insight 3.0?
This release includes the following enhancements.
vRealize Log Insight for Large Environments
- Each node can ingest two times more data per second than in vRealize Log Insight 2.5.
- Ingestion rates of up to 15,000 events per second (eps) are supported per node.
- The number of nodes that can be included in a vRealize Log Insight cluster has doubled.
- A cluster of 12 nodes can be formed that can process 2.7 TB of data per day.
Powerful Analytics Engine
- Multi-Function Charts
Compare different aggregation functions within the same chart using the multi-function chart. Chart multiple functions, such as MIN, MAX, and AVG.
- Interactive Analytics Snapshots
Visualize your log browsing history for an improved workflow using the snapshots feature. Compare two or more queries or save multiple snapshots to create new dashboards. For more information, see the vRealize Log Insight User's Guide.
- URL Shortener
Share shortened URLs with your colleagues when directing them to Interactive Analytics.
- Event Types Highlighter
Identify individual events quickly by highlighting an Event Type. Event Types show summarized event data. All messages with a similar structure are grouped together and treated as a single Event Type.
- Event Trends
Set custom time periods as baselines when comparing event trends.
Low Touch Administration
- High Availability Through a Leader-Based Architecture
If a master node is removed from service temporarily, another node assumes the role, enabling high availability for Query, Alerting, and Configuration processes.
- Hands-Free Rolling Upgrades
Upgrade a cluster of vRealize Log Insight nodes at the click of a button. Each node is removed from service gracefully, and upgraded without the need for an external load balancer.
- Event Forwarding with UDP Support
The vRealize Log Insight Event Forwarder now supports syslog over UDP in addition to TCP.
Lightweight Agent for Data Collection
- Agent Group Configuration
Apply agent configurations to a group of agents from the vRealize Log Insight user interface, enabling classful centralized mass-configuration.
- Client-Side Parsers
Achieve faultless event parsing by providing a list of fields within the agent configuration file. Key-value pairs (KVP), comma-separated values (CSV), Apache Common Log Format (CLF), and flexible timestamps are supported. For more information, see the vRealize Log Insight Administration Guide.
- vRealize Log Insight Agents Support Communication Over SSL
In addition to support for securely sending data over CFAPI SSL, vRealize Log Insight 3.0 now supports sending events over syslog with SSL.
vRealize Log Insight 3.0 Documentation
- Backup, Restore, and Disaster Recovery
Guidelines and recommendations can help you guard against expensive datacenter downtime. Best practices can be followed to perform backup, restore, and disaster recovery operations. For more information, see the Backup, Restore, and Disaster Recovery Best Practices.
- vRealize Log Insight 3.0 GA Configuration Limits
When you configure vRealize Log Insight, you must stay at or below the supported maximums. For more information, see the vRealize Log Insight 3.0 GA Configuration Limits.
Top of Page
Before You Begin
Review this section before you begin installing and configuring vRealize Log Insight.
Ports Used by vRealize Log Insight
- Port 53 TCP and UDP need to be open from all nodes within a cluster for DNS resolution.
- Ports 389 TCP and UDP, 636 TCP, 3268 TCP, and 3269 TCP need to be open from all nodes within a cluster for Active Directory integration.
- An upgrade to vRealize Log Insight 3.0 requires a connection to Ports 80 and 443 on the master node.
For a list of all ports required for correct communication, see Ports and External Interfaces that the vRealize Log Insight Virtual Appliance Uses in the vRealize Log Insight Security Guide.
Virtual Appliance Deployment
- Use the instructions in the vRealize Log Insight Getting Started Guide to install and configure the vRealize Log Insight virtual appliance.
- Always configure the master node in a cluster setup of vRealize Log Insight with a fully qualified domain name (FQDN) and a static IP address.
- It is highly recommended that you configure a minimum of three nodes in a vRealize Log Insight cluster to provide ingestion, configuration, and user space high availability.
- vRealize Log Insight does not support removing worker nodes that are functioning correctly from a vRealize Log Insight cluster.
Important Security Updates
Licensing vRealize Log Insight 3.0
- After you deploy the vRealize Log Insight virtual appliance, you must assign a valid license key.
- All license management tasks are performed in the vRealize Log Insight Administration Web interface. The URL is http://log-insight-ip/admin/license, where log-insight-ip is the IP address of the vRealize Log Insight vApp. Follow the instructions in the vRealize Log Insight Administration Guide to assign a license.
Top of Page
This vRealize Log Insight 3.0 version supports the following VMware products and versions:
- Log Insight can pull events, tasks, and alarms data from VMware vCenter Server 5.0 and later.
- ESXi 5.0 and later hosts can be configured to push syslog data to vRealize Log Insight.
- You can integrate vRealize Log Insight with vRealize Operations Manager as follows.
- The vCenter Operations Manager version must be 5.8.4, or later.
- The vRealize Operations Manager version must be 6.0, or later.
- You can remove the vRealize Log Insight adapter that enables launch in context:
- From Administration > Solutions in vRealize Operations Manager 6.0.x.
- From the Administration user interface in vCenter Operations Manager 5.8.
- From vRealize Log Insight 3.0.
This vRealize Log Insight 3.0 version supports the following browser versions. More recent browser versions also work with vRealize Log Insight, but have not been validated.
- Mozilla Firefox 29.0 and 38.0
- Google Chrome 29.0, 34.0, and 43.0
- Safari 6.0, 7.0
- Internet Explorer 10.x and 11.x
Note: Internet Explorer Document mode must be used in Standards Mode. Other modes are not supported. The Compatibility View browser mode is not supported.
The minimum supported browser resolution is 1024 by 768 pixels.
Important: Cookies must be enabled in your browser.
vRealize Log Insight Windows Agent Support
In vRealize Log Insight 3.0, the vRealize Log Insight Windows agent supports the following versions.
- Windows Vista, Windows 7, Windows 8, and Windows 8.1
- Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2
vRealize Log Insight Linux Agent Support
In this vRealize Log Insight release, the vRealize Log Insight Linux agent supports the following distributions and versions.
- RHEL 5 Update 10, RHEL 6 Update 5
- SLES 11 SP3
- Ubuntu 12.04 LTS and 14.04 LTS
Top of Page
This vRealize Log Insight 3.0 version has the following limitations:
- vSphere ESXi 6.0 cannot establish SSL connections to vRealize Log Insight 3.0. This issue is resolved in ESXi 6.0 Update 1.
- vRealize Log Insight does not handle non-printable ASCII characters correctly.
- vRealize Log Insight does not support printing. However, you can use the Print options of your browser. The printed results might vary depending on the browser that you use. We recommend Internet Explorer 10 or Firefox for printing vRealize Log Insight user interface.
- The hosts table might display devices more than once.
The hosts table might display devices more than once with each in different formats, including some combination of IP address, hostname, and FQDN. For example, a device named foo.bar.com might appear as both foo and foo.bar.com.
The hosts table uses the hostname field that is defined in the syslog RFC. If an event sent by a device over the syslog protocol does not have a hostname, vRealize Log Insight uses the source as the hostname. This might result in the device being listed more than once because vRealize Log Insight cannot determine if the two formats point to the same device.
vRealize Log Insight Windows and Linux Agents
- Non-ASCII characters in hostname/source fields are not delivered correctly when vRealize Log Insight Windows and Linux agents are running in syslog mode.
vRealize Log Insight Windows Agent
- The vRealize Log Insight Windows agent is a 32-bit application and all its requests for opening files from C:\Windows\System32 sub-directories are redirected by WOW64 to C:\Windows\SysWOW64. However, you can configure the vRealize Log Insight Windows agent to collect from C:\Windows\System32 by using the special alias C:\Windows\Sysnative. For example, to collect logs from their default location for the MS DHCP Server, add the following line to the corresponding section of the vRealize Log Insight Windows agent configuration file: directory=C:\Windows\Sysnative\dhcp.
vRealize Log Insight Linux Agent
- Due to an OS limitation, the vRealize Log Insight Linux agent does not detect network outages when configured to send events over syslog.
- The vRealize Log Insight Linux agent does not support non-English (UTF-8) symbols in field or tag names.
- The vRealize Log Insight Linux agent collects hidden files and directories by default. To prevent this, you must add an exclude=.* option to every configuration section. The option exclude uses the glob pattern .* which represents hidden file format.
- When standard output redirection to a file is used to produce logs, the vRealize Log Insight agent might not correctly recognize event boundaries in such log files.
IT decision makers, architects, administrators, and others who must be aware of the security components of vRealize Log Insight must familiarize themselves with the vRealize Log Insight Security Guide.
For details about how to secure your environment, see the Security guide and the VMware Security Advisories site.
Note: vRealize Log Insight runs its processes as root user of the virtual appliance. This might cause security risks to your environment. Always deploy vRealize Log Insight in trusted secure environments.
Top of Page
Virtual Appliance Requirements
This section lists the minimum suggested computing requirements and assumptions for the vRealize Log Insight virtual appliance.
- Memory: 8GB RAM
- vCPU: 4 vCPUs, 2GHz each
- Storage space: approximately 140GB
- In vRealize Log Insight 2.5, Active Directory Integration used outbound connections from the master node. In vRealize Log Insight 3.0, Active Directory integration uses outbound connections from all nodes.
- vRealize Log Insight does not support multiple domains for Active Directory login when they are not trusted domains.
- To pull events, tasks, and alarms data from a vCenter Server, you must provide a set of user credentials for that vCenter Server. The minimum role required to register and unregister vRealize Log Insight with a vCenter Server is Read-only, which must be set at the vCenter Server level and propagated to child objects. To configure ESXi hosts that a vCenter Server manages, vRealize Log Insight requires additional privileges. See the Known Issues section.
- vCenter Server host credentials are required to deploy the vRealize Log Insight virtual appliance.
- The default credentials for the vRealize Log Insight Admin user are admin/<blank>. To improve security, vRealize Log Insight requires you to change these credentials when you first access the vRealize Log Insight Web user interface.
- Unless you specify a root password or use guest customization during the deployment of the OVA, the default credentials for the root user on the vRealize Log Insight virtual appliance are root/<blank>. You are prompted to change the root account password when you first access the vRealize Log Insight virtual appliance console. Note that SSH is disabled until you set the root password.
- To enable notification events and the launch in context functionality in a vRealize Operations Manager instance, you must provide user credentials for that vRealize Operations Manager instance.
- User accounts that you create in vRealize Log Insight 3.0 require a strong password. The password must be at least 8 characters long and contain one uppercase character, one lowercase character, one number and one special character. Strong password requirements apply only to new user accounts that you create in vRealize Log Insight 3.0.
Top of Page
Upgrading from a Previous Version of vRealize Log Insight
vRealize Log Insight vRealize Log Insight 3.0 supports upgrading from vRealize Log Insight 2.5 GA and later. For more information, see the vRealize Log Insight Upgrade Path.
- When performing a manual upgrade, workers must only be upgraded one at a time. Upgrading multiple workers at the same time will cause an upgrade failure. When you upgrade the master node to vRealize Log Insight 3.0, a rolling upgrade occurs unless specifically disabled.
- Upgrading directly from vRealize Log Insight 2.5 Beta and earlier releases to vRealize Log Insight 3.0 is not supported. You must first upgrade to vRealize Log Insight 2.5 GA, and then upgrade to vRealize Log Insight 3.0.
- vRealize Log Insight does not support two node clusters and vRealize Log Insight 3.0 does not support upgrading a 2-node vRealize Log Insight 2.5 cluster to vRealize Log Insight 3.0. Add another node before upgrading.
- Upgrading vRealize Log Insight 2.5 to vRealize Log Insight 3.0 must be done from the master node's FQDN. Upgrading using the Integrated Load Balancer IP address is not supported.
- When upgrading from vRealize Log Insight 2.5, a dialog on the appliance may state the upgrade cannot be confirmed. Click OK in the dialog and wait for the upgrade to finish. It is possible that the master node is taking a long time to start.
vRealize Log Insight 3.0 is available in the following languages:
- The vRealize Log Insight server web user interface is localized to Japanese, French, German, Simplified Chinese, Traditional Chinese and Korean.
- The vRealize Log Insight server Web user interface supports Unicode data, including machine learning features.
- The vRealize Log Insight agent works on non-English native Windows.
- The agent installer and content pack are not localized. Parts of the vRealize Log Insight server Web user interface might still show strings and have layout issues.
- The vRealize Log Insight server Web user interface might display garbage characters in Internet Explorer 10 if the language setting is switched from English to any of the four supported Asian Languages. The workaround is to close and relaunch the browser.
- vRealize Log Insight is interoperable with localized versions of vCenter Server and vRealize Operations Manager. However, Content Packs depend on matching non-localized log messages. vCenter Server events are retrieved in its default locale, which should be set to en_US. For more information, see http://kb.vmware.com/kb/2121646.
- Integration with Active Directory, vSphere and vRealize Operations Manager for user names with non-ASCII characters is not supported.
- The date/time calendar format shown on the vRealize Log Insight server Web user interface is English only and does not display language/locale settings.
- Localization of event logs is not supported. Event logs only support UTF-8 and UTF-16 character encoding
Top of Page
In addition to these Release Notes, you can access the complete documentation set for vRealize Log Insight 3.0 from the VMware vRealize Log Insight Documentation website.
This section contains issues that have been resolved since the vRealize Log Insight 2.5 release.
- An Agent Group copied from a Content Pack template is not applied properly to agents in vRealize Log Insight 2.5 and earlier releases.
The agent logs do not show the complete error message; the defined sections are skipped.
Active Directory integration with vRealize Operations 6.x is not supported
Authentication with vRealize Operations Manager 6.x from the vRealize Log Insight Administration user interface using Active Directory/LDAP credentials is not supported.
- The agent collects old files after a configuration change
If you change the configuration parameters for directory/exclude/include, but do not change the channel's name, the agent treats all files in the specified location as new. All files that meet the new configuration criteria are recollected.
- vRealize Log Insight times out when populating the field list
The server and client timeout settings do not support populating the field list when the master is heavily loaded.
- Alerts are triggered for users configured with role-based access control (RBAC) databases
If a user is created with an RBAC data set, and an alert is created for a query with a "Group By" value, log messages fall outside of the the RBAC data set and trigger alerts.
- Alerts that are sent to vRealize Operations Manager fail
Alerts fail if vmw_vr_ops_id is used as a filter.
- vRealize Log Insight fails to start
If Apache Cassandra takes too long to start, vRealize Log Insight may determine that Cassandra has failed which may cause a start failure. Restarting vRealize Log Insight may address this issue.
- vRealize Operations Manager notifications are auto-cancelled after five minutes
vRealize Log Insight alerts creates vRealize Operations Manager notifications that are automatically cancelled after five minutes.
- The vRealize Log Insight Alert log contains duplicate alert entries
In previous versions of vRealize Log Insight, the alert.log file can contain duplicate entries for the some alerts. An entry in the alert.log is a Json-encoded object with Name, Info, HitCount, Url, EditUrl, and Data properties. In vRealize Log Insight 3.0, there might be multiple entries for a single alert and the Data property can contain an object with Message and Fields properties for each log entry that triggered the alert.
Top of Page
This section contains known issues for this release.
Deployment and Configuration
- Event forwarding stops working after upgrading deployments that use SSL when JRE is upgraded as part of the deployment.
JRE is upgraded as part of vRealize Log Insight upgrade. For sites configured with SSL, certificate information remains
stored in the old JRE version therefore the certificate cannot be retrieved for the upgraded installation and event forwarding fails.
Workaround:Reimport the certificate using the procedure "Configuring vRealize Log Insight Event Forwarding
with SSL" in the vRealize Log Insight documentation center.
- When upgrading from vRealize Log Insight 2.5, a dialog on the appliance may state the upgrade cannot be confirmed.
It is possible that the master node is taking a long time to start.
Workaround: Click OK and wait for the upgrade to finish.
- New vRealize Log Insight deployment fails to start.
On rare occasions, when you first deploy a vRealize Log Insight virtual appliance you might see the error message Failed to start new deployment.
Workaround: Restart the newly-deployed vRealize Log Insight virtual appliance.
- New vRealize Log Insight deployment fails to bootstrap.
If you deploy a vRealize Log Insight appliance and do not bootstrap it shortly after deployment, you might see the error message Failed to start new deployment when you try to bootstrap it later.
Workaround: Restart the newly-deployed vRealize Log Insight virtual appliance.
- Running parallel configuration tasks might result in incorrect settings.
For example, if two administrator users try to run configuration tasks simultaneously on a target ESXi host, it might result in incorrect syslog settings.
Workaround: Verify that no other administrator user is configuring the settings that you intend to configure.
- A vRealize Log Insight cluster does not handle network or power outages when using DHCP.
If you use DHCP to set up the network configuration of a vRealize Log Insight cluster and a network or power outage occurs, the cluster will stop operating. This happens because of the change in the IP addresses of the master and worker nodes.
Workaround: Always configure the master node with a fully qualified domain name (FQDN) and a static IP address. If the master node experiences an outage while a worker node continues to operate, the worker node sends an alert to the administrator of the cluster.
- During a vRealize Log Insight cluster upgrade you might see HTTP Error 401: Unauthorized
During, or immediately after you upgrade a vRealize Log Insight cluster, you might see HTTP Error 401: Unauthorized when you try to access the Web user interface.
Workaround: The error is transitory and disappear after a minute or so.
- WAN clustering is not supported by vRealize Log Insight
vRealize Log Insight does not support WAN clustering (also called geoclustering, high-availability clustering, or remote clustering). All nodes in the cluster must be deployed in the same layer 2 LAN. In addition, the ports described in the security guide must be opened between nodes for correct communication. For more information, see Ports and External Interfaces that the vRealize Log Insight Virtual Appliance Uses in the vRealize Log Insight Security Guide.
- The virtual appliance does not make the appropriate changes during boot after OVF properties are changed.
When you make changes to the OVF they are not put into effect after a reboot. A second reboot uses the new values.
Workaround: Restart the vRealize Log Insight appliance.
- Messages get lost when restarting the Event Forwarder
If you restart an Event Forwarder during the forwarding process, messages that reside in the non-persistent cache might get lost.
- vRealize Log Insight is not interoperable with localized versions of vCenter Server and vRealize Operations Manager.
Workaround: Refer to Knowledge Base article 2121646 for a workaround procedure.
- The Administration user interface shows multiple agents with the same IP address
In rare cases, multiple agents with the same IP address can appear in the Administration user interface. Only one of the agents displayed is active and is the valid running agent. The other invalid agents display with the state "disconnected."
Workaround: Restart vRealize Log Insight.
- You cannot name a smart field in the Event Types tab if you do not have the Edit Shared permission.
When you open the Event Types tab and click on one of the automatically detected fields (smart fields), a context menu appears. If you have the Edit Shared permission, you can give the field a friendly name that can then be used for regular queries. If you do not have the Edit Shared permission, you cannot name the field and can only refer to it using the application-generated name, for example smart field host (2) [v2_3cb0181].
Workaround: If you require the ability to name a smart field, verify that you have the Edit Shared permission.
- You cannot check the status of an import operation if your user session ends before the end of the import.
To start the data import process, you connect to a vRealize Log Insight instance through a SSH session or through the virtual appliance console. The data import process might take a long time. In the case of SSH, if the SSH session terminates unexpectedly, or you close the SSH session before the import process completes, you cannot check whether the import completed successfully.
Workaround: Install a "screen" package on the vRealize Log Insight virtual appliance. This package allows you to run Linux processes in the background without interruption, even when you disconnect from an SSH session.
- The import of archived log data might fail if vRealize Log Insight cannot access the NFS server on which data is stored.
If, during the data import process, the NFS server becomes inaccessible due to network failure or errors on the NFS server, the import of archived data might fail.
- The import of archived data might fail if the vRealize Log Insight virtual appliance runs out of disk space.
The vRealize Log Insight repository import utility does not check for available disk space on the vRealize Log Insight virtual appliance. Therefore, the import of archived logs might fail if the virtual appliance runs out of disk space.
- vRealize Log Insight does not display progress information during log imports.
As the import of archived data is in progress, you are unable to infer from the console output how much time is left before the import finishes or how much data is already imported.
- vRealize Log Insight might run out of disk space even though data archiving is enabled.
If the network connection to the NFS storage is slow, and the rate of the incoming data is later than the data archiving rate, vRealize Log Insight might run out of disk space.
Administration - SMTP, vRealize Operations Manager, Active Directory Known Issues
- You can see messages related to launch in context even if launch in context is not enabled or not supported in the vRealize Operations Manager version that you use.
The details of vRealize Log Insight notification events that appear in the vRealize Operations Manager User interface contain the following message that suggests using the launch in context feature:
Log Insight found <Number> messages matching the criteria for alert "<Name of the Alert>": Use the context menu item to review the matches in Log Insight.
This message appears even if you have not enabled launch in context, or if you are using vRealize Operations Manager versions earlier than 5.7.1 that do not support launch in context.
Workaround: Ignore the message if launch in context is not enabled in your instance of vRealize Operations Manager. Open a browser and type the IP address of the vRealize Log Insight virtual appliance to search for matching messages related to the notification event.
- Email notifications might be dropped if you use the default SMTP settings of vRealize Log Insight.
If, in the vRealize Log Insight administration interface, you leave the default SMTP settings of localhost:25, the email notifications that vRealize Log Insight sends might be dropped by the receiving email server, such as Yahoo or Gmail.
Workaround: Use the Send Test Email option and verify that you receive an email to validate that email notifications are not being dropped.
- You cannot change the network properties of the vRealize Log Insight virtual appliance at run time.
vRealize Log Insight does not support changing the IP address, network mask, gateway, DNS, or hostname of the virtual appliance at run time.
Workaround: You can only make network configuration changes using the vApp options of the vRealize Log Insight virtual appliance.
- Open a vSphere Client and locate the vRealize Log Insight virtual appliance.
- Shut down the virtual appliance.
- Right-click the virtual appliance, select Edit Settings, and under vApp options apply the changes to the network configuration.
- Power on the virtual appliance.
Note: You must re-enable launch in context each time you change the network properties of the vRealize Log Insight virtual appliance.
- Accessing the HTTPS-based secure web interface at https://<loginsight-host>/ generates an invalid SSL certificate warning.
By default, vRealize Log Insight installs a self-signed SSL certificate. The self-signed certificate generates security warnings when you connect to the vRealize Log Insight Web user interface.
Workaround: You can ignore these security warnings. If you do not want to use a self-signed security certificate, an admin user can install a custom SSL certificate. For the procedure for uploading a custom SSL certificate, see the vRealize Log Insight Administration Guide. The use of a custom SSL certificate is optional and does not affect the features of vRealize Log Insight.
- Active Directory (AD) binding user disallows valid special character '@' .
When integrating with Active Directory, vRealize Log Insight disallows the valid special character '@' that should be allowed in Active Directory.
Workaround: Choose a binding username that does not contain the '@' character.
- vRealize Log Insight cannot send alerts against an object in vRealize Operations Manager when the name of the object has changed.
When you set up notifications in vRealize Log Insight against an object in vRealize Operations Manager, after which the name of the object is changed, vRealize Log Insight can no longer generate alerts against that object.
Workaround: Update the alert to point to the renamed object.
- vRealize Log Insight Active Directory (AD) users cannot log in when the binding credentials for the AD domain have expired.
vRealize Log Insight uses a binding user to control integration with Active Directory in a number of scenarios. For example, when a user specifies a UPN suffix that has not been seen by vRealize Log Insight, it uses the binding credentials to determine if that suffix is an alias for a domain that has users or groups with access. If the binding credentials are invalid, vRealize Log Insight cannot perform the query and authentication fails.
Workaround: Verify that AD credentials of the binding user are current. Navigate to Administration > Authentication, enter the credentials and click Test Connection.
- One or more nodes in a vRealize Log Insight cluster restart when the DNS server is unreachable.
If the master node of your vRealize Log Insight cluster is configured with a fully qualified domain name (FQDN) and the DNS server becomes unreachable, the watchdog on the node restarts the node. If the DNS server comes back up, the restart succeeds. Otherwise, the watchdog makes 12 restart attempts after which the node is marked as disconnected from the cluster.
Workaround: Configure the vRealize Log Insight master node with a static IP address.
- The Interactive Analytics chart indicates that it has more data to load even though the back end has finished searching.
On rare occasions, the interactive analytics chart indicates it is still loading but the progress bar stops moving for several minutes. Although the search might have finished in the back end, the chart does not show the full results. This behavior is triggered more frequently if you choose a smaller time window grouping from the 1 bar = toggle in the upper right of a time series chart.
- The Interactive Analytics page does not show dynamically extracted fields inline.
If a search query lasts longer than one progress iteration (3-5 seconds), the list of events under the Events tab on the Interactive Analytics page does not show dynamically extracted fields inline.
- Worker nodes that are in maintenance mode send notifications when the vRealize Log Insight master node is down.
When the vRealize Log Insight master node is down, each worker node sends an alert email notification to the admin that the master is down. If one of the worker nodes is in maintenance mode, it is not expected to send such a notification, but it does.
Workaround: Ignore the alert email.
- A Worker node that is in maintenance mode automatically reconnects to the vRealize Log Insight master node.
If you put a vRealize Log Insight worker in maintenance mode and restart it, the worker automatically reconnects to the vRealize Log Insight master node.
Workaround: Manually put the worker node back in maintenance mode immediately after it restarts.
Top of Page