Installation checklist
The Install checklist provides a general overview of the process involved in installing the Splunk App for VMware. It is not a substitute to the installation steps themselves.
Download the Splunk App for VMware
- Download the Splunk App for VMware from Splunk Apps. See "Download the Splunk App for VMware" in this manual for information on where the individual app package files reside. During the installation you will get the relevant package files and install them into your environment.
On your indexer/search head:
- Get the application package zip file
splunk_app_vmware-<version>-<build_number>.zip
from the download package. - Install the file into
$SPLUNK_HOME
on each indexer/search head in your environment. This contains all of the app components. - Note: for a dedicated indexer, install the components Splunk_TA_vmware, Splunk_TA_vcenter, Splunk_TA_esxilogs, SA-Utils, and SA-Hydra into the
$SPLUNK_HOME/etc/apps directory
. - Restart Splunk.
- Now that the app is installed, in Manager, set up roles for the users of the app.
- Note: For a first time install, the Setup screen is displayed. Accept all of the default options on the Setup screen.
Configure Splunk for ESXi logs
- Use your own Syslog server ( not documented here) and forward the data to your an indexer.
- Set up forwarding to an intermediate forwarder and then to a Splunk indexer.
- To collect ESXi log data, in Manager select Data inputs and enable a udp (recommended) or TCP port on which you can collect syslog data. The Splunk App for VMware must have TCP port 1514 or UDP port 514 enabled to collect syslog data.
On the data collection node:
- Install the app,
splunk_forwarder_for_vmware_<version>.zip
, in$SPLUNK_HOME
. - Change the default Splunk password on the forwarder (the recommended method) or change the settings in the
/etc/system/local/server.conf
file to allow remote login to the data collection node. - Restart Splunk.
On vCenter:
- Create users on the vCenter machine with a limited permission set.
- Check that the scheduler can access the vCenter servers forwarder (required for a universal forwarder) on port 8090 and that firewalls do not prevent communication.
- To collect log data from vCenter, get the Splunk Technology Add-on for VMware vCenter (
Splunk_TA_vcenter-<version>-<build_number>.zip
) from the download package. - Check that port 443 on vCenter is open. Check that the data collection node and the search head can access port 443 on vCenter. The data collection node collects data from vCenter and the Splunk search head validates the credentials.
On your indexer/search head:
- Login to the Splunk App for VMware.
- From the App menu, select Settings, then Collection Configuration.
- Configure your data collection node credentials.
- Configure your vCenter credentials.
- Configure universal forwarder credentials on vCenter for vCenter log data.
- Configure the collection of ESXi log (Syslog) data when using intermediate forwarders.
- Start the scheduler.
Plan your deployment | Install a license |
This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.0, 3.0.1, 3.0.2
Feedback submitted, thanks!