Re: Query to see what ID powered off a VM

Bruticusmaximus · ‎08-17-2023

Is there a log insight query I can use to see who shut down a VM? I don't use Log Insight a lot. We have a VM that keeps shutting down.

Shen88 · ‎08-17-2023

@Bruticusmaximus,

Not a defined query as such, but yes you could use the filters to choose Virtual machines and then search for 'shutdown' keyword to look for the logs with shutdown message.

Here's the link to few search query examples.

https://docs.vmware.com/en/vRealize-Log-Insight/8.10/com.vmware.log-insight.user.doc/GUID-F494F057-3...

If you think your queries have been answered, Mark this response as "Correct" or "Helpful" and consider giving kudos to appreciate!

Regards,
Shen

swint · ‎08-19-2023

If you don't absolutely have to use Log Insight to find this information, couldn't you easily just check the Tasks of the VM that is being shutdown and look for the "Initiate guest OS shutdown" task and what account is listed for it in the Initiator column?

FredGSanford · ‎08-25-2023

All

Query to see what ID powered off a VM