Set up your system for the Splunk Add-on for vCenter Logs
Configure ports to collect log data from the vCenter server
Review this information on how the entities in an environment communicate.
|vCenter server||Splunk indexer||9997||To send log data from the vCenter Server system on port 9997, install the Splunk universal forwarder and the Splunk_TA_vcenter package on the vCenter Server system. If firewall issues prevent you from installing the Splunk Add-on for vCenter Logs components on vCenter Server, forward the vCenter Server log data to the data collection node (DCN). The DCN contains all of the components required to collect vCenter Server log data. Forward this data from the DCN to Splunk indexers.|
|vCenter server||DCN/syslog server||TCP port 1517||To send log data from vCenter Linux Server on port 1517 use Syslog-ng/rsyslog. See Collect vCenter Server Appliance logs via syslog<add-link>|
Set up add-on dependencies
The Splunk Add-on for vCenter logs receives the vCenter logs data via syslog/universal forwarder installed on the vCenter server and the data is ingested in the vmware-vclog index. The definition for the required index is present in the Splunk Add-on for VMware Metrics Indexes package or the Splunk Add-on for VMware Indexes package. If you are using Splunk Add-On for VMware Metrics you have to install the indexes package by following the Install and Configure Splunk Add-on for VMware Metrics Indexes steps. If you are using Splunk Add-On for VMware you have to install the indexes package by following the Install and Configure Splunk Add-on for VMware Indexes steps.
Installation and configuration overview for the Splunk Add-on for vCenter Logs
Install the Splunk Add-on for vCenter Logs
This documentation applies to the following versions of Splunk® Supported Add-ons: released