Install the Splunk Supporting Add-on for VMware

Installation Overview

Installation of the Splunk OVA for VMware Metrics and Splunk Add-on for VMware Metrics are prerequisites for the Splunk Supporting Add-on for VMware. The Splunk Supporting Add-on for VMware can be installed using a GUI.

Splunk Supporting Add-on for VMware package contents

The Splunk Supporting Add-on for VMware contains a component called SA_ITSI_VMware.

Install components

The table shows where to install the components of Splunk Supporting Add-on for VMware package and the required Splunk Add-on for VMware Metrics package in your distributed environment.

(*)These packages are not used by Splunk Supporting Add-on for VMware package.

Install the Splunk Supporting Add-on for VMware

Splunk Supporting Add-on for VMware uses the Splunk OVA for VMware Metrics to create and deploy the data collection nodes (DCN), and the Splunk Add-on for VMware Metrics to manage the scheduler functionality that the Splunk Supporting Add-on for VMware uses to analyze and collect virtual machine data.

Follow the instructions below to install the Splunk Supporting Add-on for VMware on your Splunk platform environment. For distributed environments, see Install the Splunk Supporting Add-on for VMware in a search head cluster environment.

1. Download the Splunk Supporting Add-on for VMware from Splunkbase.
2. Put the splunk_supporting_add_on_for_vmware-<version>.tgz file in $SPLUNK_HOME/etc/apps on your Splunk platform host.
3. Extract the Splunk Supporting Add-on for the VMware package:

   cd/opt/splunk/etc/apps
   tar xvzf splunk_supporting_add_on_for_vmware-<version>.tgz
   

4. Verify that you extracted the SA_ITSI_VMware subdirectory in the $SPLUNK_HOME/etc/apps directory.
5. Restart Splunk Enterprise.

   /opt/splunk/bin/splunk restart
   

Install the Splunk Supporting Add-on for VMware in a search head cluster environment

Perform the following steps to install the Splunk Supporting Add-on in a search head cluster:

1. Download the Splunk Supporting Add-on for VMware from Splunkbase and put the splunk_supporting_add_on_for_vmware-<version>.tgz file in a temporary directory to avoid overriding critical files:

   cp splunk_supporting_add_on_for_vmware-<version>.tgz /tmp
   

2. Change to /tmp directory and extract the Splunk Supporting Add-on for the VMware package:

   cd /tmp
   tar xvzf splunk_supporting_add_on_for_vmware-<version>.tgz
   

3. Copy the extracted files and move them into your deployer's apps folder inside the shcluster folder:

   cp -r * $SPLUNK_HOME/etc/shcluster/apps/
   

4. Verify that the extracted package was copied correctly and resides in the $SPLUNK_HOME/etc/shcluster/apps folder:

   SA_ITSI_VMware
   

5. On your deployer, deploy the Splunk Supporting Add-on for VMware onto any member of your search head cluster:

   /splunk apply shcluster-bundle -target <URI>:<management_port> -auth <username>:<password>
   

6. Restart Splunk in each of the locations where you installed the add-on.

Enable Data model acceleration and use data models

Enable data model acceleration

An admin can enable data acceleration or change the acceleration period. Complete the following steps on the search head to enable acceleration of the VMwareInventory data model:

1. In Splunk Web, go to Settings > Data Models.
2. From the App list , select VMware (SA_ITSI_VMware) to see the data models defined and used by the Splunk Supporting Add-on for VMware
3. Click Edit next to the data model you want to enable acceleration for and select Edit Acceleration.
4. Check Accelerate.
5. Select the summary range to specify the acceleration period. The default summary range is 1 month.
6. Click Save.

Fields for VMwareInventory event objects

The following table lists the extracted and calculated fields for the event objects in the VMwareInventory data model.