We've integrated ESXi hosts to send syslog to Log Insight but it's generating 25 milliions logs per hour.
Without reducing the verbose on the hosts, any why i can limit what Log Insight takes in? Such as with Windows Agents, I can drop events.
Not if you're using syslog. Once it hits vRLI that's what it's keeping.
So basically there is nothing I can do other than 1) stop sending ESXi logs to log insight which it's what it's designed to do, or 2) add more server into the Log Insight cluster ?
3) Eliminate the spam of messages presuming they result from a defect of some sort; 4) Lower the verbosity level your ESXi hosts are configured to send presuming you have increased it from the defaults. Otherwise, yes, options 1 or 2.