Log Insight provides log management, aggregation and visual representation of events within both the physical and virtual network. It has the ability to manage the logs of thousands of distributed devices and systems and allow administrators a simplified portal for log management.

Log Insight just got an upgrade to version 2.5. My current pseudo-production environment was running 2.0 GA and I wanted to take advantage of the new features in 2.5 – namely the cluster load balancer and events trend analyser.

At a high level Log Insight supports the continuous ingestion of logs from a number of different platforms. It can take logs in and provide the ability to perform complex visual lookups, provide integrated regex lookup through logs, and graph events based on these logs. The architecture is quite simple and very powerful.


When Log Insight is upgraded the master node is logged into and upgraded first. The worker nodes continue having logs ingested.

Under the administration tab of Log Insight select the Appliance tab. Select Upload PAK.

Screen Shot 2014-12-10 at 1.16.29 pm

Select your PAK file you want to upgrade with.

Screen Shot 2014-12-10 at 1.16.50 pm

If you are running a single master node and no workers in your Log Insight environment you will need to accept a period of missing logs due to the downtime of the upgrade. If you are running a Log Insight cluster, the Master is upgraded first, which will only stop queries being run against logs. Ingestion of logs will still continue by the workers. Select upgrade.

Screen Shot 2014-12-10 at 1.17.09 pm


Upload of the PAK begins.

Screen Shot 2014-12-10 at 1.17.26 pm

After a period of time the Master is upgraded and you will see the current release and build number. Happy days.

Screen Shot 2014-12-10 at 1.23.25 pmVMware Log Insight is now upgraded to 2.5 – vRealize Log Insight.
Screen Shot 2014-12-10 at 1.23.17 pmIf you are running a Log Insight Cluster you will need to drop the individual LI workers into maintenance mode and upgrade them. If your LI worker pool is protected by an external Load Balancer you will need to drop them from the Server Pool as well.

First Pause the worker. This will drop them into maintenance mode.Screen Shot 2014-12-11 at 4.33.14 pm

The green Upgrade icon appears. The worker is ready to be updated. This status will change to an amber signal stating upgrading. After a period of time this will have upgraded.Screen Shot 2014-12-11 at 4.35.02 pm


The more astute reader would have noticed a 2.0.1 worker being upgraded to 2.0.2. At this stage I am offline from my lab and had to borrow from my powerpoint deck!

With that, I have successfully upgraded my worker. I will put him back into the load-balancer pool. Repeat the process for all workers in the LI cluster and you will be running version 2.5.


Leave a Reply

Your email address will not be published. Required fields are marked *