Splunk® Supported Add-ons

Splunk Add-on for VMware ESXi Logs


Installation and configuration overview for the Splunk Add-on for VMware ESXi Logs

The Splunk Add-on for ESXi Logs can't forward esxilogs to indexers in a cluster. For the workaround, see Troubleshoot the Splunk Add-on for VMware ESXi Logs.

The Splunk Add-on for VMware ESXi Logs package contains the index-time and search-time extractions needed to parse ESXi logs collected through syslog. This overview outlines a full installation of the Splunk Add-on for VMware ESXi Logs on a distributed deployment.

Install the Splunk Add-on for VMware ESXi Logs

Review the deployment diagram and corresponding table for your environment type for details on where to install each VMware ESXi logs data collection package. In an on-premises environment, you can forward the data directly to the indexer or through an intermediate forwarder (such as a DCN). In a cloud environment, you must forward the data to an intermediate heavy forwarder, which then forwards it to the cloud indexers.

Install Splunk Add-on for VMware ESXi Logs in an on-premises environment

This deployment diagram reflects the best practice for deploying the Splunk Add-on for VMware ESXi Logs in an on-premises environment.

"Image of best practice deployment diagram for on-premises environments."

This deployment diagram and the corresponding table represent an alternative option for deploying the Splunk Add-on for VMware ESXi Logs in an on-premises environment.

"Image of deployment diagram for on-premises environments."

Add-on Package Search head Indexer Data collection node (DCN) Dedicated ESXi forwarder The operation performed by the package
Splunk Add-on for ESXi Logs Splunk_TA_esxilogs X X* X X Handles log data collection and parsing from ESXi hosts.
Splunk Add-on for VMware Metrics Indexes or Splunk Add-on for VMware Indexes SA-VMWIndex-inframon or SA-VMWIndex X Creates indexes that store ESXi log data forwarded by VMware ESXi hosts.
* If you send syslog data directly to the indexer.

† If you send syslog data directly to the Data Collection Node (DCN).

Install Splunk Add-on for VMware ESXi Logs in a Cloud environment

This deployment diagram and corresponding table outline the full installation of Splunk Add-on for VMware ESXi Logs in a cloud environment.

"Image of deployment diagram for cloud environments"

Add-on Package Search head Indexer Data collection node (DCN) or intermediate forwarder Dedicated ESXi forwarder The operation performed by the package
Splunk Add-on for ESXi Logs Splunk_TA_esxilogs X X X Handles log data collection and parsing from ESXi hosts.
Splunk Add-on for VMware Metrics Indexes or Splunk Add-on for VMware Indexes SA-VMWIndex-inframon or SA-VMWIndex X Creates indexes that store ESXi log data forwarded by VMware ESXi hosts.
Last modified on 23 May, 2022

This documentation applies to the following versions of Splunk® Supported Add-ons: released

