On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy).
For documentation on the most recent version, go to the latest release.
The Collection Configuration dashboard
The Data Collection Nodes panel
Look here for more details and explanation on adding, deleting, and editing data collection nodes.
| Field | Description | |
|---|---|---|
| + | Add a new node. | |
| node box | Nodes configured in your environment. The nodes may or may not be working. The status of a node is always displayed. A green check box indicates that the node has passed all the validation checks. A red x indicates that something is wrong. | |
| Node management URI | This is the URI of the selected node. Validation is enforced on the device management URI as Splunk expects a certain protocol. You must specify the full management URI of the Splunk installation. This is comprised of the protocol (https is required) , the address, and the port number for the management URI. For example, <code>https://testnode1:8089</code>. Do this in the Create new Collection Node dialog. | |
| Sync | Run validation on the node. | |
| Pencil | Edit settings for the selected node. | |
| Trash can | Delete the selected node. | |
| Splunk Forwarder Username | The username for the selected node. The default username is admin.
| |
| Worker processes | This is the number of processes you want to run on the Data Collection Node to process the data and forward it to the Indexer(s). This is remote forwarder management. The minimum number of processes you can run in 1 and the maximum number is 8. Configure this when you create a new node or edit the settings of an existing node.
Each time you access a node, the credentials for that node are validated. | |
| Credential Validation | Green check mark indicates valid. Red X indicates a problem. | |
| Add-on Validation | Green check mark indicates valid. Red X indicates a problem. Add-on Validation validates that all the Add-ons are installed on the node. It does not validate the build number of the installed apps. |
Virtual Centers panel
Look here for more details and explanation on adding, deleting, and editing Virtual Center settings.
| Field | Description | |
|---|---|---|
| + | Add a new Virtual Center. | |
| nodes | Virtual Centers configured in your environment. The status of a VC is always displayed. A green check box indicates that the node has passed all the validation checks. A red x indicates that something is wrong. | |
| Virtual Center Domain | for example, test-vcenter100. This is the domain name of the selected VC. You must specify the full protocol and the port number for the management URI. Do this in the Collect from New Virtual Center pop-up.
| |
| Sync | Run validation on the selected VC. | |
| Pencil | Edit settings for the selected VC. | |
| Trash can | Delete the selected VC. | |
| VC Username | The username for the selected vCenter. The default username is admin.
| |
| Collecting from | This is a number that links to the list of hosts that you have configured to collect data. Click on the link to show the host list. | |
| VC Credential validation | A green check mark indicates a valid credentials check. A red X indicates a problem with accessing the vCenter. | |
| Syslog Validation | A green check mark indicates a valid credentials check. A red X indicates a problem with accessing syslog. | |
| Syslog configuration status | A green check mark indicates that you can access teh syslog server and that syslog data can be collected. |
Stop Schduler/ Start Scheduler - Click this button to start collecting data from your environment. Note that if you have the scheduler running and you want to add another vCenter to the Collection Configuration, you must stop the scheduler and restart it so that the new vCenter can be included.
Create New Collection Node
| Field | Description |
|---|---|
| Splunk Forwarder URI | This is the URI to the Splunk forwarder on your data collection node. Communication happens on port 8089. Enter the URI in the format https://<ipaddress>:8089 |
| Splunk Forwarder Username | The forwarder username. |
| Splunk Forwarder password | The forwarder password. |
| Worker Processes | These are the worker processes that run on the node to do data collection tasks. They are managed directly by the scheduler. The maximum number you can have is 8 unless you do some advance configuration. |
Collect from New Virtual Center
| Field | Description | |
|---|---|---|
| Virtual Center FQDN | Fully qualified domain name for the vCenter. | |
| VC username | The username used to access the vCenter. | |
| VC Password | This is the password for the virtual Center. | |
| Collect VC logs | Check the associated box to collect vCenter logs. More fields are displayed to gather the required information needed to access the data.
| |
| VC Splunk forwarder URI | For example:
https://test-vcenter100:8089 Universal Forwarders have a default port of 8089 (Sometimes on Windows the port 8090 gets selected as the Splunk managment port). | |
| VC Splunk forwarder Username | For example, the default admin. | |
| VC Splunk forwarder password | For example, the default changeme. When installing a forwarder on the vCenter, you should have changed the Splunk admin default password. | |
| Collect from all hosts | Check the box if you want to collect data from all hosts managed by the Virtual Center. When the box is unchecked you can specify the hosts you want to include in your environment. The Host Whitelist Regex and Host Blacklist Regex fields are displayed to enable you to filter host selection. | |
| Host Whitelist Regex | Only available if "Collect from all hosts" is not selected. Use regex syntax. This only has an impact on performance data collection. It provides more control over the granularity of the data we're getting from the hosts. Data will only be collected from the hosts matching the criteria specified here. | |
| Host Blacklist Regex | Only available if "Collect from all hosts" is not selected. Use Regex syntax. This only has an impact on performance data collection. It provides more control over the granularity of the data we're getting from the hosts. Data will not be collected from the hosts matching the criteria specified here. | |
| Enable Syslog Collection | Check this box if you want to collect Esxi log data. Checking the box displays the associated Syslog URI field. Syslog data is collected and sent to the relevant indexer. | |
| Syslog URI | Enter the relevant URI. Syslog data comes into a Splunk indexer on udp port 514 or tcp port
1514 |
Last modified on 02 April, 2014
| How Splunk for VMware works | Data collection configuration files |
This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.0, 3.0.1, 3.0.2
Download manual
Feedback submitted, thanks!