This is answered in the Splunk documentation for the Splunk Add-on for VMware.

The input stanza for ESXi logs is

[monitor:///var/log/.../syslog.log]

https://docs.splunk.com/Documentation/AddOns/released/VMW/Hardwareandsoftwarerequirements#Data_volum...

Collected data type                    Data volume
Total vCenter logs                  15 MB of data per host per day per vCenter
ESXi host logs                      ~185 MB of data per host per day
Total API data per host                10 MB of data per host per day.
Total API data per virtual machine  3 MB of data per day.