Splunk® VMware OVA for ITSI

Install and Configure the Splunk VMware OVA for ITSI

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Install and configure the VMware OVA for ITSI

Install the Splunk VMware OVA for ITSI and deploy a Data Collection Node (DCN) to collect data from VMware vCenter Servers. If you can't deploy an OVA, you can manually configure a Splunk heavy forwarder to perform as a DCN. For more information, see Configure a heavy forwarder to be a DCN in the Install and Upgrade Splunk App for Infrastructure guide.

After you deploy a DCN, configure data collection with a Data Collection Scheduler (DCS) from the Add Data page in the Splunk App for Infrastructure. You can also modify a DCN to act as a DCS. For information about setting up a DCS, including all the places you can deploy a DCS, see Deploy a Data Collection Scheduler in the Install and Upgrade Splunk App for Infrastructure guide.

Steps

Follow these steps to install the OVA and configure the DCN running in the OVA.

1. Download the Splunk VMware OVA for ITSI

Download the Splunk VMware OVA for ITSI from Splunkbase.

2. Deploy the DCN in a vCenter Server

Use the OVA template to create a virtual machine in your vCenter Server to run the DCN. For information about deploying an OVA template, see Deploy an OVF or OVA Template on the VMware website.

For information about DCN requirements, see Data Collection Node requirements and limits.

After you deploy the OVA, the vCenter Server automatically assigns an IP address to the DCN via DHCP. For the most reliable connection, configure a static IP address for the DCN if possible.

Follow these steps to set up the DCN after you deployed the OVA in a vCenter Server.

  1. SSH into the virtual machine that's running the DCN.
  2. Log in to the virtual machine as the root user:
    username: root
    password: changemenow
    
  3. Change the password:
    # passwd
    
  4. Set the timezone for the virtual machine.
    1. If you don't know which timezone you need to set, get a list of all the available timezones:
      $ timedatectl list-timezones
      
    2. Run this command to change the timezone for the DCN's operating system:
      $ sudo timedatectl set-timezone <time_zone>
      
  5. Run the dcn-network-config command to test the network configuration for the DCN. Press Enter for each setting you don't want to change. When you finish, the dcn-network-config command tests your network configuration. These are the settings you can modify:
    IPv4 address
    IPv4 address of the default gateway
    Netmask
    DNS/Nameserver
    Hostname
    

3. Configure the DCN

  1. Log in to the virtual machine with these user credentials:
    username: splunk
    password: changeme
    
  2. Run the dcn-splunk-config command and enter a new password for the admin user for the universal forwarder. Before you change the password for the admin user, the default password is changeme.
  3. Configure these settings:
    Setting Description
    Enter comma separated Indexers(<host>:<port>)[] Enter the IP address and port of each indexer you want to forward data to. For more information about forwarding data directly to indexers, see Connect forwarders directly to peer nodes in the Splunk Enterprise Managing Indexers and Clusters of Indexers guide.
    Enter license master(https://<host>:<port>)[self] You don't have to configure the DCN as a license slave to collect data from the VMware vCenter Server. Press Enter to continue without providing a license master.
  4. Save your changes and restart Splunk.
Last modified on 27 August, 2020
PREVIOUS
Requirements and specifications for the Splunk VMware OVA for ITSI
  NEXT
What's new

This documentation applies to the following versions of Splunk® VMware OVA for ITSI: 1.0.0, 1.1.0, 1.1.1


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters