How to upgrade
Upgrade for all Splunk for VMware versions prior to 1.0.1
If you have Splunk for VMware 1.0.0 installed:
- Upgrade to Splunk for VMware 1.0.3.
- Upgrade from Splunk for VMware version 1.0.3 to Splunk for VMware version 2.0.
Upgrade for Splunk for VMware 1.0.3 to version 2.0
Use these instructions to upgrade from Splunk for VMware version 1.0.3 to that latest software version, 2.0. Note: Splunk for VMware version 2.0 is only compatible with the VMware 5.1 Perl SDK. We do not support it with older versions of the VMware Perl SDK. When the App is installed you can configure it further using the instructions in the Solution Administration chapter in this manual.
Upgrade the Splunk App for VMware
To upgrade to version 2.0 of Splunk App for VMware on the search head/indexers, replace the existing files with the new installation. Follow the installation instructions for the App. See Install the App in the Splunk for VMware Installation and Configuration Guide.
Note for advanced users: If you have customized your summary index searches in your local directory, then as part of the upgrade process you must:
- Install the Splunk App for VMware 2.0.
- Verify your changes to
apps/SA-VMW-Performance/local/savedsearches.conf
are still valid, you may need to remake the changes to the newer saved searches if upgrading from 1.0.2 or below.
Upgrade the Splunk Technology Add-on for VMware vCenter
To upgrade to the Splunk Technology Add-on for VMware vCenter, version 2.0, replace the existing files with the new installation. Follow the installation instructions at Install the vCenter Add-on in the Splunk for VMware Installation and Configuration Guide.
Upgrade the Splunk Technology Add-on for VMware
You can upgrade the data collection engine of the Forwarder Virtual Appliance for VMware (FA VM) without having to standup a new FA VM. The 1.0.3 version of the FA VM is compatible with the 2.0 Splunk App for VMware, however to use this FA, install the latest data collection engine ( Splunk_TA_vmware) on your FA and then optionally run enginebuilder.py
to recreate the configuration files that collect the data in your VMware environment from vCenter. Rerunning enginebuilder.py>/code> changes the performance data collection to use a reduced set of metrics thereby reducing the data volume.
- Log in to your search head/indexer.
- Simultaneously log into your FA VM.
- Stop Splunk on the FA VM.
splunk stop
- Copy the contents of the the
$SPLUNK_HOME/etc/apps/Splunk_TA_vmware/…
directory on the search head/indexer to the existing $SPLUNK_HOME/etc/apps/Splunk_TA_VMware
directory of your Splunk install on the FA. Use recursive copy to copy all of the files and all of the sub-directories.
- Look in
$SPLUNK_HOME/etc/apps/Splunk_TA_VMware
on the FA to verify that the files were copied correctly.
- Start Splunk on your FA VM.
splunk start
You have now upgraded to the latest Splunk_TA_vmware.
To reduce your data volume
We recommend that you follow these instructions after updating Splunk_TA_vmware to limit metric collection for performance data.
This will reduce your data volume by only using the recommended set of metrics specified in the App. and run enginebuilder.py
to regenerate your engine.conf
files.
- On the FA VM, stop Splunk.
splunk stop
- Go to the
Splunk_TA_vmware/local
directory.
cd $SPLUNK_HOME/etc/apps/Splunk_TA_VMware/local
- Optionally, if you customized the engine files in your local directory, back up the engine files to save the changes you made.
- Run
enginebuilder.py
on the existing engine.template
file that contains all the information about your environment. Use the -c
option to run a default credentials check.
enginebuilder.py -c
- Start splunk
splunk start
If you limit the set of metrics you use from what you were using before, we recommend that you modify the associated lookup files in the app for a better experience on performance views. This:
- prevents additional metrics from displaying in the menu drop downs even if you no longer collect them.
- prevents warning messages associated with missing thresholds from being displayed.
To modify the lookup files:
- Allow the solution to run for at least 1 hour.
- Log into your search head.
- Run the following search over a timerange of "last 60 minutes":
index=summary_vmware source="SummaryVirtMachinePerfByMeidInstance15min*" type="VirtualMachine" | getfieldnames | makemv delim="," fieldnames | eval fieldnames=mvfilter(match(fieldnames, "^(?!(date|_|info|splunk|source|index|search|time|host|isvc|vc|path|Datacenter|Cluster|HostSystem|physicalhost|datacentermoid|clustermoid|hostsystemmoid|instanceUuid|uuid|typeduipath|uipath|moid|type|name|perftype|linecount|instance|meid|clustermeid|hostsystemmeid|datacentermeid))")) | eval instance=if(instance="Aggregated","no","yes") | stats values(fieldnames) as fields by meid,perftype,instance,_time | `makesv(fields)` | sort 0 meid, perftype, instance, _time | dedup meid,perftype,instance,fields consecutive=t | sort 0 -_time | outputlookup VMFieldList
- Now run this search over a timerange of "last 60 minutes":
index=summary_vmware source="SummaryHostSystemPerfByMeidInstance15min" type="HostSystem" |getfieldnames |reverse|makemv delim="," fieldnames| eval fieldnames=mvfilter(match(fieldnames, "^(?!(date|_|info|splunk|source|index|search|time|host|isvc|vc|path|Datacenter|Cluster|HostSystem|physicalhost|datacentermoid|clustermoid|hostsystemmoid|instanceUuid|uuid|typeduipath|uipath|moid|type|name|perftype|linecount|instance|meid|clustermeid|hostsystemmeid|datacentermeid))")) |eval instance=if(instance="Aggregated","no","yes")| stats values(fieldnames) as fields by meid,perftype,instance,_time | `makesv(fields)` | sort 0 meid perftype instance _time | dedup meid,perftype,instance,fields consecutive=t | sort 0 -_time | outputlookup HSFieldList
- These lookups will now only contain the metrics you are currently collecting.
Finalize the Upgrade
On the Splunk for VMware Setup page you perform the final steps to set up the App to work in your environment.
Note: By default the the old domain add-ons are disabled. You must select the option to delete them if you want to remove them from your environment.
- Start the Splunk app for VMware.
- Go to the Splunk Manager Apps page.
- From the Splunk main menu, select App > Manage apps....
- For the VMware app, under Actions, click Set up.
- Optionally, in the Finalize setup section of the page, check Disable/delete old add-ons if you want to delete all depreciated Domain Add-ons in your environment.
- Click Save.
- You have now completed your upgrade to 2.0.
Why upgrade | Clean up older installations |
This documentation applies to the following versions of Splunk® App for VMware (Legacy): 2.0
Feedback submitted, thanks!