-We have a remote syslog server that is collecting vCenter and ESXi host logs.
-On the syslog server the data is broken down as follows: "%HOSTNAME%/%PROGRAMNAME%.log"
-We are able to collect the data using the splunk_ta_esxilogs and splunk_ta_vcenter apps.
The problem is that it's collecting too much data, and we only care about security-related data. How can I collect the following logs using the Splunk Add-on for VMware plugins? Is that something I need to do in the transforms.conf and props.conf files?
shell.log
auth.log
hostd.log