On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy).
For documentation on the most recent version, go to the latest release.
Component reference table
Component Distribution
Refer to this table to see the individual app components that are installed into the splunked VMware environment.
| Component | Search head | Indexer | DCN | ESXi log FW | vCenter log Fwd |
|---|---|---|---|---|---|
| Splunk_TA_vmware | Y | Y | Y | ||
| Splunk_TA_esxilogs | Y | Y | Y | ||
| Splunk_TA_vcenter | Y | Y | Y | ||
| SA-VMW-LogEventTask | Y | ||||
| SA-VMW-Performance | Y | ||||
| splunk_for_vmware | Y | ||||
| SA-Hydra | Y | Y | Y | ||
| SA-Utils | Y | Y | Y | ||
| SA-Threshold | Y |
Component Distribution Notes
| Component name | Description |
|---|---|
| Search head | If you have a dedicated search head, install all of the app components on it. SA-Hydra must be installed as you can not schedule jobs without it. |
| Indexer | you must install all technology add-ons on a dedicated indexer. |
| Data Collection Node | We ship a data collection node OVA with everything installed on it. If you build your own data collection node, then you must have Splunk_TA_vmware (python based collection engine) installed on it. ESXi log data and vCenter log data is not collected through the API and therefor does not use the data collection node, so the data collection node only need the API data collected component installed on it, Splunk_TA_vmware. |
| Esxi host | Only install the log forwarding technology on the ESXi host. If you use an intermediate heavy forwarder to forward logs, install Splunk_TA_esxi_logs on the forwarder. A light forwarder or universal forwarder does not need this. |
| vCenter | Only install the log forwarding technology on it. If you use a universal forwarder or light forwarder to forward vCenter logs, you need to install TA_vcenter on it as it contains scripts that configure the inputs.conf.
|
App components
| Component name | Description | |
|---|---|---|
| Splunk app for VMware | This component contains the UI components and knowledge objects of the App. Install it on the indexers and search heads in your splunked VMware environment. It contains the following components in etc/apps:
| |
| Splunk TA for VMware vCenter (TA_vCenter) | This component collects vCenter log data and forwards it to the indexer(s) in your environment. Install it on the Splunk Forwarder (UF/HF) running on your vCenter machines. | |
| Splunk forwarder for VMware (TA-vmware) | Use this app component to create your own data collection node (DCN). It is shipped as part of the preconfigured OVA. When creating your own data collection node install it on a Splunk light forwarders or heavy forwarder on your data collection node. This is the component of the app that collects API data from your VMware environment. This app component makes API calls to vCenter to collect VMware API data and forwards that data to your Splunk indexer/search head. This data includes performance, inventory, hierarchy, and tasks and event data. API data is collected directly from vCenter. The Data Collection Node does not make API calls to ESXi hosts. | |
| The data collection node OVA | This is the pre-configured virtual machine created by Splunk and distributed as an OVA to collect data from your environment. The data collection node is shipped with two default user accounts and passwords; the admin account (splunkadmin / changeme) and root (root / changemenow). We encourage you to change the passwords. To do so, see change default passwords in this topic.This is an image of a centOS vm with the following apps installed on it:
|
Last modified on 13 March, 2014
| The data we collect | How Splunk for VMware works |
This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.0, 3.0.1
Download manual
Feedback submitted, thanks!