Installation checklist
Now that you have read the check list and prepared for the software installation (see the Preparation checklist) you can install Splunk for VMware. This installation check list is a quick review of all the items you must install to get the Solution working in your environment.
The Checklist
- Install Splunk App for VMware. Transfer the App package file,
splunk_app_vmware-<version>-<build_number>.zip
to each indexer and search head in your environment. Install it using using the same user account that you used to install Splunk on your systems. - Install the Splunk Technology Add-on for VMware vCenter,
Splunk_TA_vcenter-<version>-<build_number>.zip
on the vCenter machines from which you want to collect log data . - Download and Install a Splunk forwarder (the universal forwarder or light forwarder): Install this forwarder onto the same Windows machine on which vCenter Server resides and enable forwarding to forward the data to your central Splunk indexer.
- Create an outputs.conf file (if one does not already exist) on each forwarder on a vCenter machine to send VMware data to your indexers.
- Set up your
props.conf
file on your indexer(s)/search head(s) with the appropriate time zone information. See Set the time zone for vCenter log files in this manual for more information. - Install the Splunk Forwarder Virtual Appliance for VMware (FA VM),
splunk_for_vmware_forwarder_appliance_<version>-<build_number>.ova
. Deploy the OVA as a VM in your VMware environment with the correct virtual machine resource settings (see Preparation Checklist).- Check that the network adapter for the VM is on a network that can see all vCenter Servers and unmanaged ESXi hosts and that the network can also see the Splunk Indexers. For more information on how to do this, see Install the FA VM.
- Once deployed, log into the FA VM as the
splunkadmin
user. - Goto VMware's website and download the VMware vSphere SDK for Perl 5.1 (64bit for linux),
VMware-vSphere-Perl-SDK-5.1.0-780721.x86_64.tar.gz
and copy (scp) it onto the FA. See Install the Perl API package in this manual. - Configure the default properties for the FA VM. Within the OS you can configure non-DHCP network settings and change other default settings. Follow the instructions in the topic "Configure the default properties for the FA VM" to change the default properties. You can:
- Change the default passwords.
- Set the FA VM's OS hostname.
- Set the "OS hostname"-related settings in the FA VM's Splunk instance.
- Set static IP addresses.
- Set the timezone in the FA VM.
- Change the NTP server pool list.
- Run
logincreator.pl
with the appropriate parameters to automatically create service accounts, if accounts do not already exist. To learn more, see Create service accounts in this manual. Run the command with the help option to see more details:~$ perl logincreator.pl --help
.
- Run
enginebuilder.py
to automatically create theengine.conf
files used by the Perl modules. Theengine.conf
files specify the data to collect from your VMware environment. Note thatenginebuilder.py
does not support unmanaged hosts. To learn more, see Configure data collection in this manual. - Set up forwarders on your FA so that the data you collect can be sent to the indexers. See Configure forwarding on your FA to configure the
outputs.conf
file to forward VMware data to a destination indexer. - Run
credentials.pl
to obfuscate passwords in the configuration files if you don't want to store them as clear text. Do this after you have generated the configuration files. Optionally remove the passwords from yourengine.template
file.
Configure distributed search and forwarding
Each environment is configured differently. Use the Splunk product documentation to set up the forwarders you need and to make decisions about how you want to configure them for your particular use. The forwarders and the VC are set up to forward data to the indexers. Add search heads as peers to your indexers.
Preparation checklist | Deployment considerations |
This documentation applies to the following versions of Splunk® App for VMware (Legacy): 2.0
Feedback submitted, thanks!