Installation and configuration overview for the Splunk Add-on for VMware ESXi Logs
The Splunk Add-on for ESXi Logs can't forward esxilogs to indexers in a cluster. The workaround for this is in Troubleshoot the Splunk Add-on for VMware ESXi Logs.
The Splunk Add-on for VMware ESXi Logs package contains the index-time and search-time extractions needed to parse ESXi logs collected through syslog. This overview outlines a full installation of the Splunk Add-on for VMware ESXi Logs on a distributed deployment.
Install the Splunk Add-on for VMware ESXi Logs
Review the deployment diagram and corresponding table for your environment type for details on the install locations for each VMware ESXi logs data collection package. If you are using an on-premises environment, you can forward the data directly to the indexer or through an intermediate forwarder (such as a DCN). If you are using the add-on in a cloud environment, you must forward the data to an intermediate heavy forwarder before you forward it to the cloud indexers.
Install Splunk Add-on for VMware ESXi Logs in an on-premises environment
This deployment diagram reflects the best practice for deploying the Splunk Add-on for VMware ESXi Logs in an on-premises environment.
This deployment diagram and the corresponding table represent an alternative option for deploying the Splunk Add-on for VMware ESXi Logs in an on-premises environment.
Add-on | Package | Search head | Indexer | Data collection node (DCN) | Dedicated ESXi forwarder | The operation performed by the package |
---|---|---|---|---|---|---|
Splunk Add-on for ESXi Logs | Splunk_TA_esxilogs | X | X* | X† | X | Handles log data collection and parsing from ESXi hosts. |
Splunk Add-on for VMware Metrics Indexes or Splunk Add-on for VMware Indexes | SA-VMWIndex-inframon or SA-VMWIndex | X | Creates indexes that store ESXi log data forwarded by VMware ESXi hosts. | |||
* If you send syslog data directly to the indexer. † If you send syslog data directly to the Data Collection Node (DCN).
Install Splunk Add-on for VMware ESXi Logs in a Cloud environment
This deployment diagram and corresponding table outline the full installation of Splunk Add-on for VMware ESXi Logs in a cloud environment.
Add-on | Package | Search head | Indexer | Data collection node (DCN) or intermediate forwarder | Dedicated ESXi forwarder | The operation performed by the package |
---|---|---|---|---|---|---|
Splunk Add-on for ESXi Logs | Splunk_TA_esxilogs | X | X | X | Handles log data collection and parsing from ESXi hosts. | |
Splunk Add-on for VMware Metrics Indexes or Splunk Add-on for VMware Indexes | SA-VMWIndex-inframon or SA-VMWIndex | X | Creates indexes that store ESXi log data forwarded by VMware ESXi hosts. |
This documentation applies to the following versions of Splunk® Supported Add-ons: released