using Log Insight or VMware and NSX Addon to colle...

Getting Data In

Hi everyone,

I'm currently using VMware vRealize Log Insight to collect logs from ESXi hosts, vCenter servers, and NSX components. I then forward these logs to Splunk. However, I've noticed that Log Insight doesn't always parse logs correctly. I'm considering switching to direct integration using the Splunk Add-ons for VMware and NSX.

My Questions:

Log Volume Reduction: For those who have used Log Insight, what kind of log volume reduction have you achieved through filtering and aggregation before forwarding logs to Splunk?
License Usage: How does the Splunk license usage compare between using Log Insight for pre-processing and direct ingestion with Splunk Add-ons?
Best Practices: Are there any best practices or tips for optimizing Splunk license usage with either approach?

Context:

Current log volume: Approximately 300 GB per day (raw).
Goals: Improve log parsing accuracy while optimize Splunk license usage.

Any insights or experiences would be greatly appreciated!

Thanks in advance!

Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Join the Conversation