Splunk Enterprise provides a unified user console for log management. Splunk Enterprise can be accessed through one of two authentication methods: using Lightweight Directory Access Protocol (LDAP) authentication or via proprietary Splunk authentication. Splunk offers numerous options for visualizing results including reports, charts, and gauges, but legend values are not shown for pie charts from the dashboard. XML dashboards can be converted into HTML dashboards, but once dashboards have been created, administrators cannot modify the date and time of the result to be displayed. In addition, while configuring the simple mail transfer protocol (SMTP) server for alerts, Splunk does not verify SMTP server details; it requires a test connection with Splunk Server each time a PDF report is scheduled.

VMware vRealize Log Insight is a truly streamlined log-management tool. Log Insight simplifies result visualization, new field extraction, and changing date/time criteria from the search page itself. Unlike Splunk Enterprise, Log Insight also allows date and time values to be modified for preconfigured dashboards. However, when the field definition for any saved query or chart is changed, it stops updating the respective results. Log Insight seamlessly integrates with vRealize Operations Manager but alerts sent to Operations Manager do not show the severity level. All alerts shown in the Operations Manager are the same as ordinary information alerts. This can create a problem for administrators trying to identify critical or important issues.

The following screenshot displays the dashboards with all of the warnings:

We open the Interactive Analytics interface with query and filter out information related to specific customer by linking widgets with other widgets. We can also link multiple dashboards by clicking their dashboard, which brings up a list of dashboards to further refine how a set of logs can be viewed as we get dashboards of all vSphere events by hostname widget in the vSphere content pack general Overview dashboard by dashboard linking. We can also select another dashboard on a specific widget that will bring up a list of dashboards that contain specific info or problem areas in the content pack for a selected host.

We adapt Interactive Analytics with the query filter information and time range configured. We will reset the overview chart and query to default by clicking Interactive Analytics. We will first see the overview chart on the top of the Interactive Analytics page, which is a graphical interface of log data. This is based on the chart type, query, and chosen accumulative functions. The search box and query builder assist users to filter and locate relevant log information. Query criteria is automatically entered if a user transformed from a widget in the Dashboard view and the bottom view shows individual log events.

It shows fields related to log messages that sustain for the specified time range. Log Insight takes out a subset of the log data to use as a column in a database. This helps unstructured log data to be queried. We can view fields related to specific events in the fields pane. Fields that are included in the index or extracted manually are static. These fields data can be taken out or included through agent parsers, content pack fields, syslog fields, or manually extracted fields. A mini-chart is shown in the field pane by clicking a field.