Splunk® OVA for VMware Metrics

Splunk OVA for VMware Metrics

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® OVA for VMware Metrics. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Install the Splunk OVA for VMware Metrics in your virtual environment

Follow these steps to install the Splunk OVA for VMware Metrics on your Splunk platform deployment.

Data Collection Node resource requirements

DCNs communicate with the Collection Configuration page, which runs on the Splunk scheduler, to retrieve performance, inventory, hierarchy, task, and event data from vCenter servers.

Data collection node CPU requirements

Each data collection node needs at least one CPU core for every 10 hosts from which the DCN is collecting data. Before you install the Splunk OVA for VMware Metrics, estimate the number of CPUs you need and consider adding an additional CPU to the total number. Each DCN polls information for up to 70 ESXi hosts and 2,100 virtual machines if the add-on collects default metrics or 1,050 virtual machines if the add-on collects all metrics as per the guidelines in Data Collection Node requirements in the Splunk Add-on for VMware Metrics manual.

DCN virtual appliance sizing

The DCN virtual appliance has the following sizing:

  • 8 CPU cores with 2GHz reserved
  • 12 GB Memory with a reservation of 1GB
  • 12 GB storage

Data collection node and data collection scheduler requirements

In a Search Head Clustering, SHC, deployment you need to deploy the DCN Scheduler on a dedicated search head, and not on any individual Search Head in the SHC. A search head that performs only searching, and not any indexing, is referred to as a dedicated search head.

The Splunk Add-on for VMware Metrics does not support scheduler and Data Collection Node functions on Windows operating systems. Linux or UNIX are required. When deploying the VMware add-on into a Windows-based Splunk environment, deploy Linux-based virtual appliances from the Splunk-provided OVA image for both scheduler and data collection node roles.

To ensure reliable communication between systems, use static IP addresses and dedicated host names for each DCN. For more information, see Configure the Splunk Add-on for VMware to collect log data from vCenter Server systems using the VMware API in the Splunk Add-on for VMware Splunk® Supported Add-ons manual.

Steps

Follow these steps to install the Splunk OVA for VMware Metrics onto your Splunk platform deployment.

Step one: Install the Splunk OVA for VMware Metrics in your virtual environment

  1. Open the vSphere client and log into vCenter Server.
  2. Invoke the OVA template wizard. Click File > Deploy OVF Template.
  3. In the Deploy OVF Template wizard click Deploy from a file or URL, then click Browse…
  4. Locate the Splunk OVA for VMware Metrics file, splunk_OVA_for_VMware_Metrics_<version>_<build_number>.ova, then click Next.

    Note: You can't download the file directly from the URL. Splunk Apps require that you are authenticated via a supported web browser before you begin your download.

  5. Review the OVF template details, then click Next.
  6. (Optional) In the Name and Location screen type a name for the node VM. If you like, you can use the default name.
  7. Select a data center or folder as the deployment destination for the node VM, then click Next.
  8. On the Host / Cluster screen, select the specific host or cluster where you would like to run the node VM, then click Next.
  9. In the Datastore screen, choose the datastore where you want the VM and its filesystem to reside. The datastore can be from 4GB to 10GB. Click Next.
  10. On the Disk Format screen, select either Thin or Thick Provisioning, then click Next.
  11. On the Network Mapping screen, to specify the networks that you want the deployed template to use. Use the Destination Networks menu to map your data collection node .ova template to one of the networks in your inventory.
  12. Validate your selections in the Ready to complete dialog, then select Next to begin the deployment.
  13. After you finish deploying, click Close to complete the installation and exit the wizard.

Step two: Configure resources for your VM

Configure resources for your VM according to the data collection node resource requirements. For more information, review the Data Collection Node resource requirements.

Step three: Power on data collection node, set up forwarding and change your password

Follow these steps to power on your DCN, set up a forwarder and change your password.

  1. Locate the collection node VM in the vSphere Client tree view.
  2. Right-click on the collection node VM and choose Power > Power On from the menu to start the VM. When you power on the data collection node, Splunk Enterprise starts automatically even though the VMware data collection mechanism is not configured. By default, the node VM boots and gets its network settings via DHCP. You can keep this default setting or you can set a static IP address. If you use DHCP, check the Summary tab in the vSphere client to get the IP address of the node VM.
  3. To ssh into the data collection node use the default username and password splunk/changeme. You automatically go to the directory /home/splunk.
    1. If you use DHCP, check the Summary tab in the vSphere client to get the IP address of the node VM.
    2. If you do not use DHCP, Go to the vSphere client and open the console where the OVA is deployed. Login using the root user and run the dcn-network-script. Use the same IP in this script to SSH. For more infomration, see Configure the DCN system settings
  4. Your Splunk platform is installed in /opt.
  5. Set up forwarding to the port on which the Splunk indexers is configured to receive data. For information on how to get data in, see Use forwarders to get data in in the Splunk Enterprise Getting Data In Manual. For more information on , see how to forward data to your Splunk Instance, see Enable forwarding on a Splunk Enterprise instance in the Forwarding Data manual.
  6. The default password for Splunk's admin user is changeme. Change the password using the CLI for this forwarder with this command:
    splunk edit user admin -password 'newpassword' -role admin -auth admin:changeme
  7. Start your Splunk platform instance.

Create your own data collection node

You can build a data collection node and configure it specifically for your environment. Create and configure this data collection node on a physical machine or as a VM image to deploy into your environment using vCenter. Follow these steps to build a data collection node:

  1. Install a CentOS or RedHat Enterprise Linux version that is compatible with Splunk Enterprise version 7.3.0 or later.
  2. Install Splunk Enterprise version 7.3.0 or later, and configure it as a heavy forwarder. For more information, see Deploy a heavy forwarder in the Splunk® Enterprise Forwarding Data Manual.

    You can't use a universal forwarder as it lacks the necessary python libraries.

  3. Download the Splunk Add-on for VMware Metrics package Splunk_add-on_for_vmware_metrics-<version>-<build_number>.tgzfrom Splunkbase.
  4. Copy the file Splunk_add-on_for_vmware_metrics-<version>-<build_number>.tgz from the download package, and move to $SPLUNK_HOME/etc/apps.
  5. Extract the file Splunk_add_on_for_vmware_metrics-<version>-<build_number>.tgz from $SPLUNK_HOME/etc/apps.
  6. Verify that the data collection components SA-Hydra-inframon , Splunk_TA_vmware-inframon and Splunk_TA_esxilogs exist in $SPLUNK_HOME/etc/apps .
  7. Verify that the firewall ports are correct. The DCN communicates with splunkd on port 8089. The DCN communicates with the scheduler node on port 8008. Set up forwarding to the same port as your Splunk indexers.
  8. Navigate to $SPLUNK_HOME/etc/apps/SA-Hydra-inframon/local and open outputs.conf.
  9. Uncomment the [tcpout] stanza. Save and exit.
  10. (Optional) Disable the KVStore to reduce CPU overhead on your Splunk platform instance by navigating to SPLUNK_HOME$/etc/system/local/.
  11. Open the server.conf file and disable the kvstore stanza.
    [kvstore] disabled = true
  12. Save your changes and exit.
  13. After deploying the collection components, add the forwarder to your scheduler's configuration. For more information, see Configure the Splunk OVA for VMware.

Learn more

To learn more, see:

Last modified on 20 October, 2020
PREVIOUS
About the Splunk OVA for VMware Metrics 		  NEXT
Configure the Splunk OVA for VMware Metrics

This documentation applies to the following versions of Splunk® OVA for VMware Metrics: 4.1.0, 4.2.0, 4.2.1

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters