Splunk® App for VMware (Legacy)

Installation and Configuration Guide

On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.

Creating service accounts

Create users

A user is required for authentication and is assigned a role in later steps for authorization. The following steps show how to create local users. If you are using ActiveDirectory for authentication on your ESX/i hosts, skip to the "Make users in ActiveDirectory" section below.

Make local users on your ESX/i hosts

You can manually create local ESX/i users on a per host basis or you can automatically create users using the Installation tools provided with the FA VM.

NOTE: To use the tools to automatically create the engine configuration files, all ESX/i hosts in the host_csv field must use the same service account username and password (hostuser, hostpwd). If your ESX/i hosts do not use the same service account credentials, you can run enginebuilder.py multiple times or generate the FA VM configuration files manually.

To manually create a user for a particular hosts:

  1. Open up the vSphere client and connect to the ESX/i machine where you want to create the user.
  2. Go to the Local Users & Groups tab for the ESX/i machine in the inventory screen.
  3. Right click in the list of users and click add from the context menu.
  4. Under User Information enter a login name (e.g. splunksvc) and optionally a user name. The login, NOT the user name, will be what you'll use for authentication. The user name is just a more readable string for display purposes.
  5. Under Enter Password enter a password and ensure it meets your minimum password requirements, usually a character count and two different types of characters.
  6. Leave Group Membership untouched, the user will be auto-assigned to the group users.
  7. Click OK and you should see your user in the list of users. If so, then you are done.

Spl vmw make esxuser.png

Make users in ActiveDirectory

In a VMware environment, you can join your ESX/i hosts to an ActiveDirectory domain for authentication. Service accounts have to be created on all ESX/i hosts for the Splunk for VMware solution to work correctly. If any of your machines are not configured to use AD authentication, then you must create a "local" user on each one (see the relevant sections above for steps on how to do that).

For machines that are participating in an AD domain, you must create a service account in the given domain using the appropriate control panel in Windows Server. Most VMware environments use a single AD domain for authentication. However, if you are using multiple AD domains, then you must create a service account in each domain that your VMware environment is using.

How to create a service account within AD can vary depending upon your specific environment. Detailed steps are beyond the scope of this document. See your AD administrator to learn how to do this correctly for your environment. Here is an article that also may be helpful: http://technodrone.blogspot.com/2010/07/esxi-41-active-directory-integration.html.

After you have created the necessary service account(s) in AD, you must still create the required role and map it to the service account you just created in AD. The steps are the same as for local accounts. Follow the instructions in Create roles on each Esx/i host.

Create roles on each ESX/i host

To create a role on each ESX/i host:

  1. Open up the vSphere client and connect to the vCenter. Log in with administrative privileges.
  2. Click Home in the path bar.
  3. Under Administration click Roles.
  4. Click the Add Role button.
  5. In the Add new Role dialog, enter a name for the role (e.g. splunkreader).
  6. Select the appropriate permissions for the role (see Required permissions in vSphere below).

Required permissions in vSphere

The following table lists the permissions for the role defined in vSphere. This is required so that the Forwarder Appliance can collect data from the ESX/i host.

Permission
Global.Diagnostics
Global.Licenses
Global.Settings
Host.Configuration.Change SNMP settings
Host.Configuration.Hyperthreading
Host.Configuration.Memory configuration
Host.Configuration.Network configuration
Host.Configuration.Power†
Host.Configuration.Security profile and firewall
Host.Configuration.Storage partition configuration
Sessions.View and stop sessions
Virtual machine.Provisioning.Read customization specifications

†Applies to VMware 4.1 only

  1. Click OK and you should see your role in the list of roles. If so, then you're done!

Spl vmw editmakerole.png


Assign users to roles

  1. In the vSphere client connect to the ESX/i host that contains the user and role you created and now want to link together.
  2. Go to the Home >Inventory >Inventory screen on an ESX/i host.
  3. Right-click on the root object in the tree on the left and click "Add Permission" from the context menu.
  4. On the left of the Assign Permissions window, under Users and Groups click Add...
  5. Select the user you wish to assign a role to (e.g. splunksvc) from the list box and click Add then click OK.
  6. On the right of the Assign Permissions window, under Assigned Role select the role you wish to assign to the user from the pull down menu (e.g. splunkreader).
  7. Make sure the Propagate to Child Objects check box is ticked, without it your user will not have all of the necessary permissions.
  8. Click OK and verify that your user is listed on the permissions tab and has the role you assigned.

Spl vmw assignpermissions.png

Last modified on 31 May, 2013
Access permissions and credentials   Administering credentials files

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 1.0.2, 1.0.3, 2.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters