System Requirements
Splunk requirements to run the app
- Splunk version 5.0.4 or later running on Splunk indexers and search heads. See "System requirements" in the Splunk Installation Manual.
- A default Splunk configuration with a licensing volume that can support approximately 300 MB of data per host per day.
- Resource Splunk indexers according to Splunk best practices.
VMware versions Supported
- VMware vSphere versions 4.1, 5.0, 5.0 Update 1, version 5.1, and version 5.5.
- There is a bug in VMware vSphere version 5.0 and all updates to version 5.0. Two WSDL files required by the Splunk App for VMware to make API calls to vCenter are missing. During the installation process get the vSphere Web Services SDK WSDL workaround and put the files on your vCenter.
- ESXi 4.1, 5.0, 5.0 Update 1, 5.1 and 5.5 on 64-bit x86 CPUs.
- vCenter servers configured in linked mode are supported. For vCenter servers in linked mode, treat each instance inside the linked pool individually and add them to the Collection Configuration dashboard, as is done for vCenters not in linked mode. The Splunk App for VMware collects API data only for the added vCenter and it will not recognize the other vCenter servers in the linked pool unless they are also added to the Collection Configuration dashboard in the app.
Note:
- We do not support the Linux based vCenter Virtual Appliance to collect vCenter log data. You can collect API data with the Linux vCenter Virtual Appliance. Syslog data collection is not affected by this limitation.
Browsers supported
The Splunk App for VMware supports the browser versions listed below:
- Firefox (latest)
- Internet Explorer 9 and 10
- Safari (latest)
- Chrome (latest)
Note: The Splunk App for VMware does not support IE 8 and does not work in IE 9 Compatibility mode.
Splunk App for VMware data volume requirements
Test results show that you can expect to collect approximately 300 MB of data per host per day from your environment. This number varies depending on the volume of log data you collect and the number of virtual machines that reside on a host. In a typical environment this number lies between 250MB-350MB. See the information below for further details.
| Collected data type | Data volume |
|---|---|
| Total vCenter logs | 15 MB of data per host per day per vCenter. For example, 750MB in a 50 host environment. |
| ESXi host logs | 185 MB of data per host per day. (In a typical environment this number can range from 135MB to 235M of data, but it can vary widely depending on your environment). |
| Total API data per host | 10 MB of data per host per day. |
| Total API data per virtual machine | 3 MB of data per day, |
Splunk data collection node resource requirements
The default OVA provided as part of the download is pre-configured with resources set according to the requirements below. Follow the Resource requirements below to configure your own data collection node.
Resource requirements
A single data collection node requires:
- 4 cores - 4 vCPUs or 2 vCPUs with 2 cores with a reservation of 2 GHz.
- 6GB memory with a reservation of 1 GB.
- 4-10 GB of disk space. The default virtual machine that Splunk provides already has this set.
At these requirements, one data collection node can collect from 40 ESXi hosts. This is a safe recommendation. That is,1 core per 10 ESXi hosts.
Software requirements
A single data collection node requires:
- A Splunk supported version of CentOS or RedHat Enterprise Linux (RHEL) that is supported by Splunk Enterprise version 5.0.4 or later.
- A Splunk Enterprise heavy forwarder or light forwarder, version 5.0 or later. This is a minimum Splunk requirement for the Splunk App for VMware. (Python is required.)
- The Splunk App for VMware app components SA-Hydra, SA-Utils, and Splunk_TA_vmware.
| Setup Requirements | Plan your deployment |
This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.0.2
Download manual
Feedback submitted, thanks!