VMware Aria Operations for Logs Data Sets

VMware Aria Operations for Logs (formerly vRealize Log Insight or vRLI) is a powerful logging platform. It can ingest logs from vCenter, ESXi Hosts, Syslog Sources, and more. But what if I want certain users to see only certain logs? Say for example, I want to give a user access to see only logs for certain VMs? We'll use Data Sets, let's explore!

You've deployed VMware Aria Operations for Logs and are sending logs from vCenter, ESXi Hosts, and more. You're seeing all logs here!

You'll notice on the right hand side, I've expanded the source field to show many different sources. Let's use Data Sets to limit what a specific user can see. Go to Management - Cluster - Data Sets and select NEW DATA SET.

Define the Data Set you want, you can filter by any field or combination of fields, mine looks like this. Note that extracted fields aren't available to Data Sets.

I want this user to only see logs with hostname vr83-bpeterson. You can check your Data Set by clicking Run in Explore Logs page.

As you can see, there are only logs with hostname vr83-bpeterson. Another way to capture just certain groups of logs, say for example you're sending all of our storage related logs from NetApp AIQUM to vRLI via Syslog and tagging them upon ingestion, like this.

You could use that Tag, product=netapp, to filter your Data Set and give the Storage Team access to just those logs.

Next, you define a Role giving it access to your newly created Data Set.

Finally, create the User giving it access to this new Role. Go to the Users and Groups tab and select NEW USER, mine looks like this.

So, I've given user brockp access to the Blog Data Set, which is defined as logs containing only hostname=vr83-bpeterson. Upon login, that's all I see!

You can riff on this using other fields, combine Data Sets, and more. VMware Aria Operations for Logs is a powerful logging platform, check it out!