Set up your system for the Splunk Add-on for VMware ESXi Logs
Configure ports to collect log data from the ESXi hosts
The following table shows how the entities in an environment communicate and which ports they use.
Sender | Receiver | Port number | Description |
---|---|---|---|
ESXi host | DCN/syslog server | TCP port 1514 / UDP port 514 | ESXi versions prior to 6.x support either TCP or UDP, but not both. For an environment with fewer than 40 ESXi hosts, send syslog traffic to the Data Collection Scheduler (DCS), which controls collection by the Data Collection Nodes (DCNs). In a larger production environment, use a central syslog server with a Splunk Universal Forwarder that has the Splunk_TA_esxilogs add-on package installed. Alternatively, you can send syslog to another DCN virtual machine dedicated to running as a syslog server for the ESXi hosts. |
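
To confirm the receiver side of the table above, the following added example (not part of the Splunk documentation) checks `ss -H -ltun` output on the DCN or syslog server for listeners on TCP 1514 and UDP 514. The function names and the sample listing are constructed for illustration; pass only the transport you use, for example `udp:514`, if your ESXi hosts send over a single protocol.

```shell
#!/bin/sh
# Added example: verify that the syslog receiver listens on the ports ESXi sends to.
# Input format is `ss -H -ltun` output on stdin:
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# has_listener PROTO PORT: exit 0 if stdin shows a PROTO socket bound to PORT.
has_listener() {
    awk -v proto="$1" -v port="$2" '
        $1 == proto {
            # The port is the last colon-separated piece; this also covers [::]:1514.
            n = split($5, parts, ":")
            if (parts[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_esxi_syslog_ports [PROTO:PORT ...]: defaults to both transports in the table.
# Prints one status line per expected listener and returns the number missing.
check_esxi_syslog_ports() {
    [ $# -eq 0 ] && set -- tcp:1514 udp:514
    listing=$(cat)
    missing=0
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec##*:}
        if printf '%s\n' "$listing" | has_listener "$proto" "$port"; then
            echo "OK      $proto/$port listening"
        else
            echo "MISSING $proto/$port"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample listing (not captured from a real host).
SAMPLE_SS='tcp   LISTEN 0      128          0.0.0.0:1514      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:514       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | check_esxi_syslog_ports || true

# Live use on the receiver:
#   ss -H -ltun | check_esxi_syslog_ports
```
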
Set up add-on dependencies
The Splunk Add-on for VMware ESXi Logs receives ESXi log data through syslog and ingests it into the vmware-esxilog index. The definition of this required index is in either the Splunk Add-on for VMware Metrics Indexes package or the Splunk Add-on for VMware Indexes package, depending on which VMware add-on you are using. If you are using the Splunk Add-on for VMware Metrics, install the metrics indexes package by following the steps in Install and Configure Splunk Add-on for VMware Metrics Indexes. If you are using the Splunk Add-on for VMware, follow the steps in Install and Configure Splunk Add-on for VMware Indexes.
This documentation applies to the following versions of Splunk® Supported Add-ons: released