Splunk® App for VMware (Legacy)

Installation and Configuration Guide

On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.

Create service accounts on ESX(i) hosts

You must create service accounts on all ESX/i hosts for the Splunk for VMware solution to work correctly. In this topic we automatically create local users on ESX/i hosts using logincreator.pl. To get help on this tool, use the following command: ./logincreator.pl --help. logincreator.pl is located on the FA VM in $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/bin.

To learn about ESX/i host password requirements, see the VMware Knowledge base and the specification listed below:

Password requirements for creating new users on ESX/i host

When you run logincreator.pl to automatically create service accounts on the ESX/i hosts, note that VMware imposes restrictions on username and password formats. If the password you enter is not accepted, then you must run logincreator.pl again with a valid password.

  • A password string must contain alphabetical characters (lower case), alphabetical characters (upper case), alphanumeric characters, and symbols to be accepted as a valid password.
  • The password can only contain a combination of these four character types. The shorter the length of the password, the more character types needed.
    • If you use a single character type, or a combination of two character types, then a valid password must be 8 characters in length.
    • If you use three character types, then a valid password must be 7 characters in length.
    • If you use four character types, then a valid password must be 6 characters in length.

The following restrictions also apply:

  • An uppercase character can not be a leading character.
  • A numeric value can not be a trailing character.
  • Four or more identical characters (whether upper case or lower case) cannot exist in the same sequence or in reverse order in the password string.

Service account permissions

The following table lists the permissions for the role defined in vSphere. These are the permissions that will be applied to the service accounts on the ESX/i host by logincreator.pl for VMware 4.1, 5.0, 5.0 Update 1.

Permission
Global.Diagnostics
Global.Licenses
Global.Settings
Host.Configuration.Change SNMP settings
Host.Configuration.Hyperthreading
Host.Configuration.Memory configuration
Host.Configuration.Network configuration
Host.Configuration.Power
Host.Configuration.Security profile and firewall
Host.Configuration.Storage partition configuration
Sessions.View and stop sessions
Virtual machine.Provisioning.Read customization specifications


To create accounts on all ESX/i hosts managed by a target vCenter server:

  1. SSH to your FA VM and log in as splunkadmin.
  2. Go to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/bin.
  3. Run logincreator.pl to create service accounts on all ESX/i hosts. If you do not specify passwords in your command, Splunk will prompt you to enter them when the command runs. Enter the following:
    ./logincreator.pl --target vcenter01.yourcompany.com --allhosts --ad vcenteradmin --adpwd vCenterAdminPwd123 --alt esxhostadmin --altpwd EsxhostAdminPwd123 --newuser splunkuser --newpwd SplunkUserEsxhostPwd123

Note: logincreator.pl assumes that the esxhostadmin credentials (user name/password) are the same for all hosts. For each host, it creates a service account with the same user name and password.

Where:

  • target is the vCenter server host domain name or IP address.
  • ad is an admin user ID on the target.
  • adpwd is the corresponding admin password on the target.
  • alt is the ESX/i host admin user ID if the target is the vCenter server.
  • altpwd is the ESX/i host admin user's corresponding password.
  • newuser is the new user account you want to create on your ESX/i host(s). This username must be 16 characters or less.
  • newpwd is the corresponding user password for the ESX/i host(s).

To create an account on a single target ESX/i host:

  1. SSH to your FA VM and log in as splunkadmin.
  2. Go to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/bin.
  3. Run logincreator.pl to create an account on a target host:
    ./logincreator.pl --target esxhost1.splunk.com --ad esxhostadmin --adpwd esxhostadminpwd123 --newuser splunkuseresxhost --newpwd splunkuseresxhostpwd123

Where:

  • target is the ESX/i host domain name or IP address.
  • ad is an admin user ID on the target.
  • adpwd is the corresponding admin password on the target.
  • newuser is the new user account you want to create on your ESX/i host(s). This username must be 16 characters or less.
  • newpwd is the corresponding user password for the ESX/i host(s).

To repermission an Active Directory user:

  1. SSH to your FA VM and log in as splunkadmin.
  2. Go to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/bin.
  3. Run logincreator.pl to create service accounts on all ESX/i hosts:
    ./logincreator.pl --target vcenter01.yourcompany.com --allhosts --ad vcenteradmin@yourcompany.local --adpwd vCenter@dminPwd123 --alt esxhostadminyourcompany.local --altpwd Esxhost@dminPwd123 --newuser splunkuseryourcompany.local --newpwd SplunkUserEsxhostPwd123

Where yourcompany.local is your AD domain. logincreator.pl re-permissions existing users on ESx/i hosts that are part of the same AD domain.

Last modified on 18 December, 2012
Configure forwarding   Configure data collection

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 1.0.2, 1.0.3


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters