With the release of VMware Cloud Foundation 9.0, Broadcom has taken a significant step forward in simplifying log management and troubleshooting for private cloud environments. VCF Operations for Logs 9.0 introduces a deeply integrated logging solution that brings log analytics directly into the VCF Operations interface — making life easier for NOC teams, SREs, IT administrators, and application teams alike.
In this blog post, I'll walk you through the key new features, architecture improvements, and what this means for your day-to-day operations.
What's New in VCF Operations for Logs 9.0?
Integrated Log Analysis in VCF Operations
The biggest change in version 9.0 is the introduction of Operations-Logs, a new logging solution built on VMware Aria Operations for Logs. This means you no longer need to switch between separate interfaces to analyze your logs. Everything is now available directly within the VCF Operations UI.
With this integration, you can:
- Create log-based alerts without leaving VCF Operations
- Design custom dashboards based on log data
- Save and reuse log queries across your team
- Package alerts, dashboards, and queries into management packs
Important note: VMware Aria Operations for Logs content packs are still supported in 9.0, but Broadcom recommends starting the migration to log-based tools in management packs, as content packs will be phased out in future updates.
Deployment Options
How you deploy VCF Operations for Logs depends on your license type:
- VMware Cloud Foundation license: Activate Operations-Logs via VCF Management in VCF Operations Fleet Management — no separate appliance deployment required.
- VMware vSphere Foundation (VVF) license: Deploy the VCF Operations for Logs virtual appliance using vSphere.
Key Features
High-Performance Log Ingestion
VCF Operations for Logs is built to handle large volumes of log data at high throughput with low latency. It accepts data through two main channels:
- Syslog: ports 514/UDP, 514/TCP, and 1514/TCP (SSL)
- Ingestion API: ports 9000/TCP and 9543/TCP (SSL)
Any environment component — operating systems, applications, VMs, hosts, vCenter, firewalls, switches, and storage — can push syslog feeds to VCF Operations for Logs.
Scalable Architecture
VCF Operations for Logs supports both single-node and multi-node cluster deployments:
- Single node: Good for development and lab environments. Use the Integrated Load Balancer (ILB) even for single nodes to simplify future expansion.
- Cluster: Required for production environments. Clusters provide primary and worker nodes, enabling linear scaling of ingestion throughput and high availability.
- Cluster with Forwarders: Extend your deployment with forwarder clusters at remote sites, forwarding all logs to the main cluster. Ideal for multi-datacenter environments.
- Cross-Forwarding for Redundancy: Mirror two main clusters across datacenters, each front-ended with dedicated forwarder clusters for full redundancy.
Near Real-Time Search
Log data ingested by VCF Operations for Logs is available for search within seconds. Historical data can be queried from the same interface with equally low latency — no need to wait or switch tools.
Runtime Field Extraction
Raw log data is often difficult to parse visually. VCF Operations for Logs provides runtime field extraction, allowing you to dynamically extract any field from log data using regular expressions. These extracted fields can then be used for:
- Searching and filtering log events
- Aggregating events in the Explore Logs chart
- Building dashboard widgets
A handy one-click extract feature makes this even easier — no need to manually type complex regex patterns.
Explore Logs
The Explore Logs page is your primary workspace for log analysis. From here you can:
- Search and filter log events by timestamp, text, source, or field values
- Create and save custom queries
- Visualize query results as charts
- Pin charts to custom dashboards
Dashboards
Dashboards give you a real-time view of the metrics that matter most. You can:
- Create custom dashboards with widgets based on your own queries
- Use content pack dashboards for out-of-the-box visibility into VMware components
- Clone content pack dashboards and customize them for your needs
- Share dashboards with your team via shared dashboard URLs
Log Management
The Log Management section provides full control over how logs are handled:
- Log filtering: Reduce noise by filtering out irrelevant log data
- Log masking: Mask sensitive data before indexing
- Log forwarding: Forward logs to external destinations or other VCF Operations for Logs instances
- Index partitions: Control log retention and archiving policies
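The following Python example is added here and is not VCF Operations for Logs code: it models log masking before indexing together with runtime field extraction (described under Runtime Field Extraction above) on constructed sample events. The masking rule, the regex patterns, and all function names are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample events (not taken from a real system).
RAW_EVENTS = [
    "2025-06-17T10:01:02Z esx01 sshd[2101]: Failed password for root from 192.0.2.10 port 50122 ssh2",
    "2025-06-17T10:01:05Z esx01 sshd[2101]: Failed password for root from 192.0.2.10 port 50124 ssh2",
    "2025-06-17T10:02:11Z esx02 sshd[988]: Accepted password for svc-backup from 198.51.100.7 port 40110 ssh2",
    "2025-06-17T10:03:40Z esx02 sshd[990]: Failed password for admin from 203.0.113.5 port 61000 ssh2",
    "2025-06-17T10:04:00Z app01 billing: charge ok card=4111111111111111 amount=12.50",
]

# Hypothetical masking rule: keep only the last 4 digits of a 16-digit number.
CARD_NUMBER = re.compile(r"\b\d{12}(\d{4})\b")

# Hypothetical extraction patterns: each named group becomes a field.
SSH_AUTH = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+)"
)
CARD_FIELD = re.compile(r"card=(?P<card>\d{16})")


def mask(event):
    """Replace the first 12 digits of any 16-digit number with asterisks."""
    return CARD_NUMBER.sub(lambda m: "*" * 12 + m.group(1), event)


def ingest(raw_events):
    """Mask first, then store, so the store never holds the unmasked value."""
    return [mask(e) for e in raw_events]


def extract(store, pattern):
    """Apply a regex to stored text at search time; skip events that do not match."""
    return [m.groupdict() for m in map(pattern.search, store) if m]


def failed_logins_by_source(store):
    """Filter on one extracted field and aggregate on another."""
    failed = [f for f in extract(store, SSH_AUTH) if f["result"] == "Failed"]
    return dict(Counter(f["src_ip"] for f in failed))


if __name__ == "__main__":
    store = ingest(RAW_EVENTS)
    print(failed_logins_by_source(store))
    print(extract(store, CARD_FIELD))
    print(store[-1])
```

Because masking runs before the event is stored, no later runtime extraction can recover the full card number, so masking rules need to be in place before the sensitive data arrives.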
Integrations
VCF Operations for Logs integrates natively with key VMware and third-party products, including:
- vSphere (vCenter log collection via centralized configuration)
- NSX
- Identity Firewall
- Third-party syslog sources (rsyslog, syslog-ng, log4j)
The Life Cycle of a Log Event
Understanding how VCF Operations for Logs processes events helps you use the tool more effectively. Here's what happens from the moment a log event is generated:
- Generated on a device outside VCF Operations for Logs
- Collected via a VCF Operations for Logs agent, third-party agent, or direct API/syslog write
- Received by VCF Operations for Logs — directed to the appropriate node via the ILB
- Processed through the ingestion pipeline:
  - Keyword index created and stored on local disk
  - Machine learning applied to cluster events
  - Event stored in compressed format
- Available for search within seconds
- Archived or deleted based on retention policies (FIFO deletion when storage reaches 97% capacity)
What This Means for Your Teams
| Team | Benefit |
|---|---|
| NOC Teams | Unified log view across the entire VCF fleet |
| SREs | Near real-time alerting and log-based incident detection |
| IT Administrators | Centralized log management with no extra tools |
| Application Teams | Application-level log visibility and custom dashboards |
| DBAs | Deep-dive log analysis for database components |
Getting Started
To start using VCF Operations for Logs 9.0:
- If you have a VCF license, activate Operations-Logs via Fleet Management → VCF Management
- Configure your environment components to forward syslog to VCF Operations for Logs
- Open the Explore Logs page and start building your first queries
- Create dashboards to monitor your most important metrics
- Set up log-based alerts to get notified proactively
Conclusion
VCF Operations for Logs 9.0 represents a major step forward in how VMware Cloud Foundation environments handle log management and troubleshooting. By integrating log analytics directly into VCF Operations, Broadcom has made it significantly easier for teams of all types to gain visibility into their infrastructure and applications — without additional tools or context switching.
Whether you're troubleshooting a failed deployment, investigating a performance issue, or simply keeping an eye on your environment's health, VCF Operations for Logs 9.0 has the tools you need.
