About the Splunk OVA for VMware
The Splunk OVA for VMware is a preconfigured virtual machine with a lightweight operating system, Splunk heavy forwarder and all necessary add-ons and supporting add-ons for scheduling collection of inventory and performance data from VMWare vCenter servers. The Splunk OVA for VMware deploys as a Data Collection Node (DCN) to collect data for the Splunk IT Service Intelligence Virtualization Module and the Splunk App for VMware.
DCNs are required components for any Splunk App for VMware or Splunk IT Service Intelligence Virtualization Module deployment. Users can use the Splunk OVA for VMware to deploy a DCN but users can set up a DCN without the Splunk OVA for VMware by creating your own data collection node, using the steps in the Install the Splunk OVA for VMware section of this manual.
The Splunk OVA for VMware requires the following:
- Virtual Hardware v11
- CentOS Linux release 7.9.2009 (Core)
- Disk Size 16 GB
- VMWare Tools 18.104.22.16816 (build-15389592)
- Open ports 22, 8000, 8089, 8065 8008, 1514, 514
- A Splunk Enterprise version 8.2.4 heavy forwarder
- Splunk Add-on for VMware v4.0.4 which includes the following:
- Splunk_TA_vmware v4.0.4
- SA-Hydra v4.1.8
- Splunk_TA_esxilogs v4.2.1 and Splunk_TA_vcenter v4.2.1
You're responsible for the patches introduced in the operating system installed on the OVA. Regularly update the operating system to avoid vulnerabilities. There is no backward compatibility for the OVA.
The Splunk OVA for VMware comes with two default user accounts:
- The administrator account, with the credentials splunk/changeme.
- The root user account, with the credentials root/changemenow.
The data collection node (DCN) deployment has the following default configuration:
- Eight cores. 8 vCPUs or 4 vCPUs with two cores with a reservation of 2GHz.
- 12GB memory with a reservation of 1GB.
- 10-12GB of disk space.
The data collection node (DCN) scheduler should be installed on a dedicated Splunk instance such as the heavy forwarder if you have a search head cluster. It's best not to install it on a search head because, the more disconnected search heads you have hitting an indexing tier, the harder it is to control the load on the indexers.
Install the Splunk OVA for VMware
This documentation applies to the following versions of Splunk® OVA for VMware and NetApp: 4.0.5