From 9c665a83e399cab6b6d78d2db5b4e92545478f0e Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk
Date: Fri, 29 May 2020 14:21:40 -0400
Subject: [PATCH 1/2] Update vsphere.conf
---
 package/etc/conf.d/filters/VMware/vsphere.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/package/etc/conf.d/filters/VMware/vsphere.conf b/package/etc/conf.d/filters/VMware/vsphere.conf
index d7ba39b..12a849e 100644
--- a/package/etc/conf.d/filters/VMware/vsphere.conf
+++ b/package/etc/conf.d/filters/VMware/vsphere.conf
@@ -21,6 +21,7 @@ filter f_vmware_all {
 or program("vobd", flags(ignore-case))
 or program("Vpxa", flags(ignore-case))
 or program("Vpxd", flags(ignore-case))
+ or program("Vpxd-svcs", flags(ignore-case))
 or program("VSANMGMTSVC", flags(ignore-case))
 or program("vsfwd", flags(ignore-case))
 #begin nsx
@@ -47,7 +48,6 @@ filter f_vmware_esx {
 or program("vmkwarning", flags(ignore-case))
 or program("vobd", flags(ignore-case))
 or program("Vpxa", flags(ignore-case))
- or program("Vpxd", flags(ignore-case))
 or program("VSANMGMTSVC", flags(ignore-case))
 or program("vsfwd", flags(ignore-case))
 or program("vmauthd", flags(ignore-case))
@@ -67,4 +67,7 @@ filter f_vmware_vcenter {
 or program("vmcad", flags(ignore-case))
 or program("vmdird", flags(ignore-case))
 or program("vmon", flags(ignore-case))
+ or program("Vpxd", flags(ignore-case))
+ or program("Vpxd-svcs", flags(ignore-case))
+
 };
\ No newline at end of file
From 70445c7d1bd20245a9277ff118d2b7573e1146fd Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk
Date: Fri, 29 May 2020 14:23:38 -0400
Subject: [PATCH 2/2] Update test_vmware.py
---
 tests/test_vmware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test_vmware.py b/tests/test_vmware.py
index 24c5684..f558f01 100644
--- a/tests/test_vmware.py
+++ b/tests/test_vmware.py
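Review bot: The added `program("Vpxd-svcs", flags(ignore-case))` entries in `f_vmware_all` and `f_vmware_vcenter` sit beside `program("Vpxd", flags(ignore-case))`, and syslog-ng's `program()` takes a regular expression that is, as far as I know, matched unanchored, so the `Vpxd` pattern already matches `vpxd-svcs` and any other program name containing that substring. If exact names are intended, anchor the pattern, for example `or program("^vpxd(-svcs)?$", flags(ignore-case))`; if substring matching is intended, drop the second entry and add a comment such as `# unanchored regex: also matches vpxd-svcs` so the breadth is deliberate. These filters presumably decide how vCenter audit events such as logins are classified downstream, so an over-broad or mis-scoped match can put security-relevant records where a detection does not look for them. The `f_vmware_vcenter` hunk also adds an empty line before `};` and leaves the file without a trailing newline.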
@@ -29,7 +29,7 @@ def test_linux_vmware(record_property, setup_wordlist, setup_splunk, setup_sc4s)
 iso_header = dt.isoformat()[0:23]
 epoch = epoch[:-3]
- mt = env.from_string("{{ mark }}1 {{ iso_header }}Z {{ host }} vpxd {{ pid }} - - Event [3481177] [1-1] [{{ iso }}Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\svc-vcenter-user] [] [3481177] [User VSPHERE.LOCAL\svc-vcenter-user@192.168.10.10 logged in as pyvmomi Python/2.7.13 (Linux; 4.9.0-7-amd64; x86_64)]\n")
+ mt = env.from_string("{{ mark }}1 {{ iso_header }}Z {{ host }} vpxa {{ pid }} - - Event [3481177] [1-1] [{{ iso }}Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\svc-vcenter-user] [] [3481177] [User VSPHERE.LOCAL\svc-vcenter-user@192.168.10.10 logged in as pyvmomi Python/2.7.13 (Linux; 4.9.0-7-amd64; x86_64)]\n")
 message = mt.render(mark="<144>", iso_header=iso_header, iso=iso, host=host, pid=pid)
 sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
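Review bot: Switching the sample's program name from `vpxd` to `vpxa` leaves the routing this series changes (`vpxd` moving from `f_vmware_esx` to `f_vmware_vcenter`, plus the new `vpxd-svcs` entry) without a test in this hunk, while the payload is still a `vim.event.UserLoginSessionEvent` login record that looks like a vCenter event rather than an ESXi agent one. I would keep the `vpxd` case with its expected classification updated, and add cases for `vpxd` and `vpxd-svcs` that assert the vCenter result, so a regression in where login events land is caught. Separately, `\s` in `VSPHERE.LOCAL\svc-vcenter-user` is an invalid escape in a non-raw string; on the touched line it can be written as `VSPHERE.LOCAL\\svc-vcenter-user` without changing the rendered message. The body of `test_linux_vmware` and its search assertion continue outside the hunk, so the expected sourcetype is not visible here.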