Splunk® Supported Add-ons

Splunk Add-on for VMware

Installation and configuration overview for the Splunk Add-on for VMware

The Splunk Add-on for VMware package contains the following components:

  • SA-Hydra - Collects API based data from vCenter. It schedules jobs from the Search Head and runs the worker processes on each data collection node.
  • Splunk_TA_vmware - Contains the python based API data collection engine and collects data from VMWare environment. Also provides search-time tagging of VMware data.

The Splunk Add-on for VMware contains the following functions:

  • Scheduler - Previously held by the Splunk App for VMware, the scheduler performs job distribution and load balancing for your distributed Splunk platform deployment.
  • Python script splunk_for_vmware_setup.py that collects DCN details, such as DCN URI, username, and password information from the Collection Configuration page of the Splunk Add-on for VMware and sends them to SA-Hydra.

Layout for on-premises deployment

The below image outlines the best-practice, full installation of the Splunk Add-on for VMware on a distributed deployment.

Diagram for cloud - Cloud - Event TA (1).png

The below image outlines an alternative, full installation of the Splunk Add-on for VMware on a distributed deployment.

Diagram for cloud - On Prem - Event TA (1).png


On-premises deployment of the Splunk Add-on for VMware

See the table below to see which component goes on which part of your Splunk deployment.

Splunkbase Add-on Component Search head Scheduler (DCS) Indexer Data Collection Node (DCN) Dedicated ESXi log forwarder Dedicated vCenter log forwarder
Splunk Add-on for VMware Splunk_TA_vmware


SA-Hydra

X X
Splunk Add-on for ESXi Logs Splunk_TA_esxilogs X X X
Splunk Add-on for vCenter Logs Splunk_TA_vcenter X X Optional* X
Splunk Add-on for VMware Indexes SA-VMWIndex X
Splunk Add-on for VMware Extractions TA-VMW-FieldExtractions X

(*)Depending on your specific configuration, you might also need Splunk_TA_vcenter to collect VCenter data.

Layout for cloud deployment

The below image outlines a full installation of the Splunk Add-on for VMware on a cloud deployment.

Diagram for cloud - Cloud - Event TA (1).png

Cloud deployment of the Splunk Add-on for VMware

See the table below to see which component goes on which part of your Splunk Cloud deployment.

Splunkbase Add-on Component Search head Scheduler (DCS) Indexer Data Collection Node (DCN) Dedicated ESXi log forwarder Dedicated vCenter log forwarder
Splunk Add-on for VMware Splunk_TA_vmware


SA-Hydra

X X
Splunk Add-on for ESXi Logs Splunk_TA_esxilogs X X
Splunk Add-on for vCenter Logs Splunk_TA_vcenter X X
Splunk Add-on for VMware Indexes SA-VMWIndex X
Splunk Add-on for VMware Extractions TA-VMW-FieldExtractions X
Last modified on 13 September, 2023
Hardware and software requirements for the Splunk Add-on for VMware   Set up your system for the Splunk Add-on for VMware

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters