Building an NSX Distributed Firewall Hit Count Chart in Log Insight

One request I have had a few times now is how to build an NSX Distributed Firewall chart in Log Insight that includes the rule hit count. Read on to learn how.

The first step is to ensure that your Distributed Firewall rules are set to log (by default, logging is set to no). If you need to bulk enable logging on rules, see this previous post for how to do it easily with PowerNSX.

Go to the Interactive Analytics tab in Log Insight. The first thing we are going to do is add a couple of filters for the specific rule ID we are looking for (in my case, 1013).

Select Add Filter, click where it says text and type vmw_nsx_firewall_ruleid, set the match type to equals, and enter the rule ID in the final column. When you are done it should look like the following.

Next, change the Chart Type to Table (right-hand side).

Finally, select where it says over time and choose the following checkboxes.

Your results should look similar to the following.

At this point you can click Add to Dashboard in the top right if you want to save this view and access it from the Dashboards > My Dashboards view in the future.

Another option is to see hits across any rule. In this case use the same filter, but instead of equals and a rule ID, set the match type to exists. Results will look something like this.
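The same tally can be reproduced offline from raw firewall log lines, which is useful for sanity-checking the chart. The Python below is an added example, not from the original post: it assumes the NSX for vSphere dfwpktlogs line layout, the sample lines are constructed, the function names are hypothetical, and grouping by action is this example's own choice.

```python
import re
from collections import Counter

# Constructed sample lines. Assumption: in a dfwpktlogs entry the word "match"
# is followed by "<action> <rule set>/<rule ID> <direction>".
SAMPLE_LOG = """\
2017-05-04T10:15:01.101Z esx01 dfwpktlogs: 10231 INET match PASS domain-c7/1013 IN 60 TCP 10.0.0.5/43422->10.0.0.6/22 S
2017-05-04T10:15:02.412Z esx01 dfwpktlogs: 10231 INET match PASS domain-c7/1013 IN 60 TCP 10.0.0.7/51010->10.0.0.6/22 S
2017-05-04T10:15:03.007Z esx02 dfwpktlogs: 20977 INET match DROP domain-c7/1001 IN 60 TCP 10.0.0.9/40000->10.0.0.6/3389 S
2017-05-04T10:15:04.650Z esx02 dfwpktlogs: 20977 INET match PASS domain-c7/1014 OUT 84 ICMP 10.0.0.6->10.0.0.1
2017-05-04T10:15:05.000Z esx01 hostd: unrelated message without a firewall rule ID
"""

RULE_RE = re.compile(
    r"dfwpktlogs:.*\bmatch\s+(?P<action>[A-Z]+)\s+\S+/(?P<rule_id>\d+)\s+(?:IN|OUT)\b"
)


def rule_hit_counts(lines, rule_id=None):
    """Count hits per (rule ID, action).

    rule_id=None behaves like the "exists" filter (any line carrying a rule ID);
    a value behaves like the "equals" filter on vmw_nsx_firewall_ruleid.
    """
    counts = Counter()
    for line in lines:
        m = RULE_RE.search(line)
        if m is None:
            continue  # line has no firewall rule ID, so it never enters the chart
        if rule_id is not None and m["rule_id"] != str(rule_id):
            continue
        counts[(m["rule_id"], m["action"])] += 1
    return counts


def as_table(counts):
    """Rows of (rule ID, action, hits), busiest rule first."""
    rows = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(rid, action, hits) for (rid, action), hits in rows]


if __name__ == "__main__":
    for row in as_table(rule_hit_counts(SAMPLE_LOG.splitlines())):
        print("rule %s  %-6s hits=%d" % row)
```
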


