Configure inputs for the Splunk Add-on for Microsoft Hyper-V

The Splunk Add-on for Microsoft Hyper-V collects data through the Splunk platform's native PowerShell and performance monitoring, and event log collection capabilities. After you install the add-on to the forwarder installed on your Microsoft Hyper-V server, you need to configure the forwarder to collect data.

The table below lists the inputs you can enable through Microsoft PowerShell, Performance monitor, and Windows event log

Type	Input Name
PowerShell v3 inputs	`DatastorePerfMetrics` `GetHypervisor_Inventory` `GetHypervisor_InventoryEXT` `GetHypervisor_SwitchEXT` `GetVM_DiskEXT` `GetVM_Inventory` `GetVM_InventoryEXT` `GetVM_NetworkEXT` `HypervisorPerfMetrics` `VMPerfMetrics`
Local performance monitoring	`HyperV_Hypervisor` `HyperV_Legacy_Network` `HyperV_Logical_Processor` `HyperV_Network` `HyperV_Partition` `HyperV_Root_Partition` `HyperV_Root_Processor` `HyperV_VM_Health` `HyperV_VM_Summary` `HyperV_VM_VID_Partition` `HyperV_Virtual_Processor` `HyperV_Virtual_Storage_Device` `HyperV_Virtual_Switch`
Event log collection	`Microsoft-Windows-Hyper-V-Config-Admin` `Microsoft-Windows-Hyper-V-Config-Operational` `Microsoft-Windows-Hyper-V-Hypervisor-Admin` `Microsoft-Windows-Hyper-V-Hypervisor-Operational` `Microsoft-Windows-Hyper-V-Image-Management-Service-Admin` `Microsoft-Windows-Hyper-V-Image-Management-Service-Operational` `Microsoft-Windows-Hyper-V-Intergration-Admin` `Microsoft-Windows-Hyper-V-Network-Admin` `Microsoft-Windows-Hyper-V-Network-Operational` `Microsoft-Windows-Hyper-V-SynthNic-Admin` `Microsoft-Windows-Hyper-V-SynthNic-Operational` `Microsoft-Windows-Hyper-V-VMMS-Admin` `Microsoft-Windows-Hyper-V-Worker-Admin` `Microsoft-Windows-Hyper-V-SynthStor-Admin` `Microsoft-Windows-Hyper-V-SynthStor-Operational` `Microsoft-Windows-Hyper-V-Compute-Admin` `Microsoft-Windows-Hyper-V-VmSwitch-Operational` `Microsoft-Windows-Hyper-V-VMMS-Networking` `Microsoft-Windows-Hyper-V-VMMS-Operational`

If your forwarder has Splunk Web enabled, you can use Splunk Web to configure inputs. If your forwarder does not have Splunk Web, configure your inputs in inputs.conf.

Configure inputs through Splunk Web

Log into Splunk Web on the forwarder installed on your Microsoft Hyper-V server.
Select Settings > Data inputs > Local inputs.
Select PowerShell v3 Modular Input and click Enable to enable the type of data you want to collect via Microsoft PowerShell.
Select Local performance monitoring and click Enable to enable the type of data you want to collect via performance monitor.
Select Event log collection and click Enable to enable the type of data you want to collect via windows event log.
(Optional) If you want to increase the collection interval for larger deployments, click the input metric and modify the CRON schedule for the PowerShell input or decrease the frequency of script running for the performance input.

Configure inputs through inputs.conf

Create a file named inputs.conf in %SPLUNK_HOME%\etc\apps\Splunk_TA_microsoft-hyperv\local folder.
Open inputs.conf file in %SPLUNK_HOME%\etc\apps\Splunk_TA_microsoft-hyperv\default and copy the stanzas that you want to the local file you just created.
Change the disabled=1 to disabled=0 for each input that you want to enable.
(Optional) To increase the collection interval for larger deployments, modify the CRON schedule for the PowerShell inputs or increase the interval for the performance monitoring scripts.
Save the file.
Restart the forwarder.

Configure inputs for the Splunk Add-on for Microsoft Hyper-V

Configure inputs through Splunk Web

Configure inputs through inputs.conf

Comments

Configure inputs for the Splunk Add-on for Microsoft Hyper-V

Was this topic useful?