Splunk® Supporting Add-on for VMware

Deploy and use the Splunk Supporting Add-on for VMware

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Install the Splunk Supporting Add-on for VMware

Installation Overview

Installation of the Splunk OVA for VMware Metrics and Splunk Add-on for VMware Metrics are prerequisites for the Splunk Supporting Add-on for VMware. The Splunk Supporting Add-on for VMware can be installed using a GUI.

Splunk Supporting Add-on for VMware package contents

The Splunk Supporting Add-on for VMware contains a component called SA_ITSI_VMware.

Install components

The table shows where to install the components of Splunk Supporting Add-on for VMware package and the required Splunk Add-on for VMware Metrics package in your distributed environment.

Component Search head Indexer Scheduler Data Collection Node (DCN)
SA_ITSI_VMware x
Splunk_TA_VMware_inframon x x
SA-Hydra-inframon x x
SA-VMWIndex-inframon x
Splunk_TA_esxilogs x*
Splunk_TA_vcenter x*

(*)These packages are not used by Splunk Supporting Add-on for VMware package.

Install the Splunk Supporting Add-on for VMware

Splunk Supporting Add-on for VMware uses the Splunk OVA for VMware Metrics to create and deploy the data collection nodes (DCN), and the Splunk Add-on for VMware Metrics to manage the scheduler functionality that the Splunk Supporting Add-on for VMware uses to analyze and collect virtual machine data.

Follow the instructions below to install the Splunk Supporting Add-on for VMware on your Splunk platform environment. For distributed environments, see Install the Splunk Supporting Add-on for VMware in a search head cluster environment.

  1. Download the Splunk Supporting Add-on for VMware from Splunkbase.
  2. Put the splunk_supporting_add_on_for_vmware-<version>.tgz file in $SPLUNK_HOME/etc/apps on your Splunk platform host.
  3. Extract the Splunk Supporting Add-on for the VMware package:
    cd/opt/splunk/etc/apps
    tar xvzf splunk_supporting_add_on_for_vmware-<version>.tgz
    
  4. Verify that you extracted the SA_ITSI_VMware subdirectory in the $SPLUNK_HOME/etc/apps directory.
  5. Restart Splunk Enterprise.
    /opt/splunk/bin/splunk restart
    

Install the Splunk Supporting Add-on for VMware in a search head cluster environment

Perform the following steps to install the Splunk Supporting Add-on in a search head cluster:

  1. Download the Splunk Supporting Add-on for VMware from Splunkbase and put the splunk_supporting_add_on_for_vmware-<version>.tgz file in a temporary directory to avoid overriding critical files:
    cp splunk_supporting_add_on_for_vmware-<version>.tgz /tmp
    
  2. Change to /tmp directory and extract the Splunk Supporting Add-on for the VMware package:
    cd /tmp
    tar xvzf splunk_supporting_add_on_for_vmware-<version>.tgz
    
  3. Copy the extracted files and move them into your deployer's apps folder inside the shcluster folder:
    cp -r * $SPLUNK_HOME/etc/shcluster/apps/
    
  4. Verify that the extracted package was copied correctly and resides in the $SPLUNK_HOME/etc/shcluster/apps folder:
    SA_ITSI_VMware
    
  5. On your deployer, deploy the Splunk Supporting Add-on for VMware onto any member of your search head cluster:
    /splunk apply shcluster-bundle -target <URI>:<management_port> -auth <username>:<password>
    
  6. Restart Splunk in each of the locations where you installed the add-on.

Enable Data model acceleration and use data models

Enable data model acceleration

An admin can enable data acceleration or change the acceleration period. Complete the following steps on the search head to enable acceleration of the VMwareInventory data model:

  1. In Splunk Web, go to Settings > Data Models.
  2. From the App list , select VMware (SA_ITSI_VMware) to see the data models defined and used by the Splunk Supporting Add-on for VMware
  3. Click Edit next to the data model you want to enable acceleration for and select Edit Acceleration.
  4. Check Accelerate.
  5. Select the summary range to specify the acceleration period. The default summary range is 1 month.
  6. Click Save.

Fields for VMwareInventory event objects

The following table lists the extracted and calculated fields for the event objects in the VMwareInventory data model.

Object name Field name Data type
Inventory moid string
Inventory type string
Inventory _time timestamp
Inventory host string
Inventory source string
Inventory sourcetype string
Inventory filename string
Inventory filesize number
Inventory filetype string
Inventory Snapshots string
Last modified on 12 January, 2021
PREVIOUS
About the Splunk Supporting Add-on for VMware
  NEXT
Get started with the Splunk Supporting Add-on for VMware

This documentation applies to the following versions of Splunk® Supporting Add-on for VMware: 1.0.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters