Hi @justynap_ldz, no, I wasn't able to solve it with Splunk. I never changed anything in the .conf files you mentioned. But I had to stop sending the syslogs of the VMware ESXi hosts to Splunk because the free amount of about 500 MB per day was overloaded by the VMware log data. I also use Splunk for the logs of my Sophos UTM to have a better tool for troubleshooting firewall and proxy issues. So there's not enough free space for the VMware syslogs. And I found an alternative way by using VMware PowerCLI to get the SMART data from the ESXi hosts. With a PowerShell script I can read all SMART data and send a warning mail when there are issues. I can even read data that isn't shown in the syslog of the ESXi hosts.

Kind Regards