Splunk® App for VMware (Legacy)

Installation and Configuration Guide

On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.

About Splunk for VMware

Splunk for VMware is a solution built on top of Splunk. Using Splunk best practices it collects data from your inputs and maps and displays that data in custom built dashboards in the Splunk App for VMware. It fits tightly into the Splunk ecosystem using all the core Splunk components.

VMW SplunkforVMwareTopology.jpg

Solution Components

Install the Splunk for VMware Solution into an environment where Splunk is already installed and running.

Splunk for VMware contains the following four main components:

  1. Splunk App for VMware: This is the App that provided a window to your splunked VMware environment. The data you collect in Splunk is mapped to the views and dashboards in the App. The App contains the UI components, searches, and indexing definitions for your VMware data. Install the App as the splunkadmin user on the indexers and search heads in your environment.
  2. Splunk Technology Add-on for vCenter: Otherwise known as TA-vcenter. This component forwards vCenter data to the Splunk indexer. Install this component on the same Windows machine on which the vCenter Server resides.
  3. Splunk Forwarder Virtual Appliance for VMware: Otherwise known as the Splunk FA VM. This is the FA VM image used to collect data from your VMware environment. Install it, using the vSphere client, on each of the ESX and ESXi hosts you want to splunk. The Splunk FA VMs forward their data to the Splunk indexer. Once you have setup your Splunk FA VM, you can clone it and install it on any VM that you want to monitor. The FA VM does not have to reside on the host that it is monitoring. It must be able to authenticate with the vCenter and the ESX/i hosts in the environment.
  4. Splunk Technology Add-on for VMware: Otherwise identified as TA-vmware. It is packaged with the Splunk Forwarder Virtual Appliance for VMware.

What does it do

Splunk for VMware collects and harnesses data from the virtualization layer to enable true end-to-end visibility in virtualized environments. It provides true operational intelligence using the power of Splunk to collect the data from your VMware environment and map it to the Splunk App for VMware. You can get the insights you need into your IT infrastructure to make informed business and operational decisions. You have the power to search and analyze the data and create reports and alerts on the data in the VMware environment.

You can:

  • Collect logs and performance metrics directly from the vSphere hosts. It enables persistence for long term analysis and trending.
  • Analyze and report on vCenter (VC) tasks and events to meet any audit/compliance requirements.
  • Correlate virtualization layer data with data from other tiers such as applications and operating system information from inside virtual machines as well as the hardware.

How does it work?

The Splunk for VMware solution collects machine data from the following components of your VMware environment:

  • ESX and ESXi hosts.
  • vCenter(VC) servers.

and forwards the data to a central Splunk instance (Splunk indexer/search head) running the custom-built Splunk App for VMware. The App is the window to your data and enables you to explore your data using the pre-built reports and dashboards.

VMW HowitWorks.jpg

The Solution gathers a limited amount of information (such as the hostname and IP address) from inside VM guest operating systems if VMware Tools is installed. To collect detailed information from your guest operating systems, you must install forwarders into your virtual machines and install the relevant Splunk App for that operating system, for example, install Splunk for Unix or Splunk for Windows. For more information on installing forwarders into guest operating systems see the associated App documentation. You can get Splunk Apps from Splunkbase.

Last modified on 24 April, 2015
About VMware   What data can I get

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 1.0, 1.0.1, 1.0.2, 1.0.3, 2.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters