Splunk® App for VMware (Legacy)

Installation and Configuration Guide

On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.

Validate your setup

You can validate that you correctly set up the Solution by running Splunk App for VMware. If the data displays correctly in the appropriate views, then you have configured your inputs correctly. How quickly the views are populated with data depends on the amount of data coming into Splunk. Populating the dashboards can take some time.

If you haven't done this already, you should first start the Splunk instance: 

splunk start

Launch Splunk Web

Now that you have Splunk running, start the Splunk Web interface on your indexer/search head. Splunk Web runs by default on port 8000 of the host on which it's installed. If you are using Splunk on your local machine, the URL to access Splunk Web is http://localhost:8000. Open a browser and navigate to that location. Login to the Splunk instance (the default login is username=admin/password=changeme).

If you are using an Enterprise license, launching Splunk for the first time takes you to this login screen. Follow the message to authenticate with the default credentials:

First time login.png

If you are using a Free license, you do not need to authenticate to use Splunk. In this case, when you start up Splunk you won't see this login screen. Instead, you will be taken directly to Splunk Home or whatever is set as the default app for your account.

When you sign in with your default password, Splunk asks you to create a new password.

Password prompt.png

You can either Skip this or change your password to continue.

Welcome to Splunk

When you log into Splunk for the first time, you land in Splunk Home. Select the Splunk App for VMware.

VMware home.png

Check the Solutions Administration views

The data health views in the Solution Administration Dashboard provide metrics on the health of the data in Splunk. Examine each of the views associated with data you are collecting fom your environment; You should check inventory, hierarchy, time, performance, and log data in the app for the given VC and ESX/i hosts.

Check the Time Data Health Overview view to see if your FA or any of your ESX/i servers show up with an unacceptable time difference. If some do not, the clock on that host is most likely set incorrectly. If the time is set incorrectly, you must fix the time on all of your hosts for the solution to work correctly. If you had to reset the time on your FA, restart the forwarder inside it, wait for a few minutes, and then verify that you are seeing an acceptable time in the Time Health view.

Check the VMware Data Health views: When you have verified the time for the FA and all of your ESX/i hosts, then check to see that all of the different kinds of data in the solution are being captured properly. Check each of the various data health views:

  • Inventory
  • Tasks
  • Events,
  • ESX / ESXi logs
  • Performance

It can take time for the views to populate especially if you have a large environment collecting many different types of data. Give the dashboards some time to load the data before you start troubleshooting.

Last modified on 18 May, 2012
 

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 1.0, 1.0.1, 1.0.2

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters