Splunk® App for VMware (Legacy)

Installation and Configuration Guide

On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.

About the FA VM

The Splunk Forwarder Virtual Appliance for VMware (FA VM) .ova is the package you use to create the virtual machine. You install it using vCenter to collect data from your VMware environment. The FA VM can monitor resources within any cluster, host, or resource pool as long as it has network access to it. It does not need to be physically located in the cluster, host, or resource pool itself.

What you should know before you deploy the FA VM

Before you deploy the Splunk FA VM you should know:

  • The network on which you will deploy the Splunk FA VM.
  • The datastore to use for the FA VM. The image is now provisioned for 20 GB.
  • That routing is enabled from the Splunk FA VM to these components and that firewalls do not prevent communication.
  • That the VLAN is set correctly. For more information, see the VMware topic "Troubleshooting virtual machine network connection issues".

The FA VM should be able to:

  • Access the VMware ESX/ESXi hosts and the vCenter servers on the network through port 443 (default https).
  • Forward data to the appropriate indexer.
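
A preflight check for the requirements above, meant to be run from the network segment where the FA VM will sit. This is an added example, not part of the Splunk guide or the FA VM tooling: the host names are constructed placeholders and port 9997 for the indexer is an assumption, so substitute your own targets.

```python
import errno
import socket

# Constructed sample targets (placeholders, not taken from the guide).
# 9997 is an assumed indexer receiving port; use the port your indexer listens on.
SAMPLE_TARGETS = [
    ("vcenter.example.internal", 443),
    ("esxi01.example.internal", 443),
    ("indexer.example.internal", 9997),
]

def check_target(host, port, timeout=3.0):
    """Classify one TCP connection attempt from this machine to host:port."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"      # name does not resolve from this network
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "open"             # routing and firewall both allow the connection
    except (socket.timeout, TimeoutError):
        return "timeout"          # packets silently dropped: firewall drop, wrong VLAN, host down
    except ConnectionRefusedError:
        return "refused"          # host reachable, but port closed or actively rejected
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"  # no route from this network to the target
        return "error"
    finally:
        sock.close()

def preflight(targets, timeout=3.0):
    """Return {(host, port): status} for every target in the list."""
    return {(h, p): check_target(h, p, timeout) for h, p in targets}

if __name__ == "__main__":
    for (host, port), status in preflight(SAMPLE_TARGETS).items():
        print(f"{host}:{port} -> {status}")
```

A "timeout" or "unreachable" result points at routing, VLAN, or a dropping firewall, while "refused" means the path works but nothing accepts connections on that port.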

What you should know to configure the FA VM

Before you configure the FA VM:

  • Know the VC instance name for your particular VC machine. This is the name of the root node in the VC's "Hosts and Clusters" view as seen in the vSphere Client.
  • Have the FA VM (or equivalent) deployed in your VMware environment with the Perl SDK installed:
    • The latest FA Add-on package comes pre-installed in the FA VM's .OVA image file.
    • The FA Add-on, Splunk_TA_vmware-1.0.2-138646.tgz, is a Splunk technology add-on that contains the main VMware data gathering code. If you have deployed a fresh copy of the FA VM, there is nothing else special to do.
  • Service accounts and login credentials for accessing your VC machine(s) and ESX/i hosts:
    • Have a list of ESX/i hosts and vCenter servers (and their login credentials) from which you want the FA to collect data.
    • Have a service account (or accounts) with login credentials for each target machine to enable the FA to access VC machines and ESX/i hosts for data gathering. This information is needed when setting up the engine.conf file. If you have not completed this step, you can create service users by running the logincreator.pl tool. You can also do this manually. See "Create Service accounts" in this manual.

NOTE: The procedure that describes how to install the FA VM does not use password obfuscation. Passwords are placed in clear text in the engine.conf file. See "Obfuscate passwords" in this manual for information on credentials and obfuscation.

The default credentials for the splunkadmin account on the FA VM are:

username=splunkadmin and password=changeme

Last modified on 30 October, 2012

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 1.0.2
