Regardless of what we set the parameter $InputFileSeverity to it ignores us and sends everything right up to Debug (Level 7). As that more than doubles the log size for no material benefit, I'd like to tell vCenter not to bother.
What is the corect syntax of the stanza in rsyslog.conf to set the severity level to Level 6 / Info or lower?
This now means I have to rework the transforms.conf in the Splunk App, so far from ideal. I've got the sourcetype working, with some caeveats, but I suspect that the whole piece about field extractions will now fail.