Getting Data In

using Log Insight or VMware and NSX Addon to collect logs from ESXi hosts, vCenter servers, and NSX components?

maede_yavari
Explorer

Hi everyone,

I'm currently using VMware vRealize Log Insight to collect logs from ESXi hosts, vCenter servers, and NSX components. I then forward these logs to Splunk. However, I've noticed that Log Insight doesn't always parse logs correctly. I'm considering switching to direct integration using the Splunk Add-ons for VMware and NSX.

My Questions:

  1. Log Volume Reduction: For those who have used Log Insight, what kind of log volume reduction have you achieved through filtering and aggregation before forwarding logs to Splunk?
  2. License Usage: How does the Splunk license usage compare between using Log Insight for pre-processing and direct ingestion with Splunk Add-ons?
  3. Best Practices: Are there any best practices or tips for optimizing Splunk license usage with either approach?

Context:

  • Current log volume: Approximately 300 GB per day (raw).
  • Goals: Improve log parsing accuracy while optimize Splunk license usage.

Any insights or experiences would be greatly appreciated!

Thanks in advance!

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Cloud Platform | Customer Change Announcement: Email Notification Will Be Available ...

The Notification Team is migrating our email service provider since currently there’s no support ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...