Search logs in vRealize Log Insight Cloud using PowervRLICloud

munishpalmakhija

 

In my previous blog, I announced the release of PowervRLICloud, a PowerShell module that abstracts the VMware vRealize LogInsight Cloud APIs to a set of easily used PowerShell functions. This tool provides a comprehensive command-line environment for managing your VMware vRealize LogInsight Cloud environment

In this blog, I will show how easy it is to search for logs using PowervRLICloud. I will share examples of all the filter options available in the Explore Logs UI

In the UI you can perform a search using the following Filters

  1. Exists
  2. Does not exist
  3. Contains
  4. Does not contain
  5. Starts with
  6. Does not start with
  7. Matches regex

Getting Started

Pre-requisites

You need to have the following pre-requisites

  1. vRealize LogInsight Cloud API Token
  2. PowerShellVersion = ‘6.0’ and Above

Connect to vRLI Cloud 

Connect-vRLI-Cloud -APIToken “APIToken”

Execute Queries

Filter 1 

Exists

Commands/Query

$queryId = Post-Query-Request -SQlQuery “SELECT * FROM logs where sddc_id=exist() ORDER BY ingest_timestamp DESC” -Duration 60
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults | more

 

Filter 2

Does not exist

Commands/Query

$queryId = Post-Query-Request -SQlQuery “SELECT * FROM logs where sddc_id<>exist() ORDER BY ingest_timestamp DESC” -Duration 60
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults | more

 

Filter 3

Contains

Commands/Query

$queryId = Post-Query-Request -SQlQuery “SELECT * FROM logs where log_type = audit ORDER BY ingest_timestamp DESC” -Duration 60
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults | more

 

Filter 4

Does not contain

Commands/Query

$queryId = Post-Query-Request -SQlQuery “SELECT * FROM logs where log_type<>’audit’ ORDER BY ingest_timestamp DESC” -Duration 60
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults | more

 

Filter 5

Starts with

Commands/Query

$queryId = Post-Query-Request -SQlQuery “SELECT * FROM logs where log_type=startsWith(‘nsxt’) ORDER BY ingest_timestamp DESC” -Duration 60
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults | more

 

Filter 6

Does not start with

Commands/Query

$queryId = Post-Query-Request -SQlQuery “SELECT * FROM logs where log_type<>startsWith(‘nsxt’) ORDER BY ingest_timestamp DESC” -Duration 60
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults | more

 

Filter 7

Matches regex

Commands/Query

$queryId = Post-Query-Request -SQlQuery “SELECT * FROM logs where log_type=matchesRegex(‘\w+’) ORDER BY ingest_timestamp DESC” -Duration 60
$response = Get-QueryResponse -QueryId $queryId
$response.logQueryResults | more

Try out vRealize Log Insight Cloud

If you’re not already using vRealize Log Insight Cloud, check out our free 30-daytrial. To learn more about how to use Log Insight Cloud, please check out

Related Articles

Announcing PowervRLICloud

 

Leave a Reply

Your email address will not be published. Required fields are marked *