Splunk® App for VMware (Legacy)

Installation and Configuration Guide

Acrobat logo Download manual as PDF


On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Collect Windows vCenter log data

Install the Splunk Technology Add-on for VMware vCenter to collect vCenter log data. Use a Splunk Universal Forwarder to forward the log data from your Windows vCenter Server to the Indexer.

  1. Install a Splunk forwarder.
    1. Download the Universal Forwarder version you need.
    2. Install the Universal Forwarder. See "Install a Universal Forwarder on Windows" in the Forwarding Data Manual.
  2. Configure forwarding.
    1. Configure the forwarder on your vCenter machines to send data to your indexer(s). Do this in the outputs.conf file for each forwarder installed on a vCenter machine. See "Configure forwarders with outputs.conf" in the Forwarding Data Manual.
  3. Change your Splunk password.
    1. The default password for the Splunk Enterprise admin user (on all Splunk instances) is changeme. We recommend that you change the password using Splunk Web (https://<ip-address>:8000). See "Change the admin default password" in the Admin manual.
  4. Install Splunk_TA_vcenter.
    1. Get the file Splunk_TA_vcenter-<version>-<build_number>.zip from the download package and install it on your VMware vCenter machines.
    2. Unzip the file, "Splunk_TA_vcenter-<version>-<build_number>.zip", into the apps directory under %SPLUNK_HOME%\etc\apps. When installing on a universal forwarder the path is C:\Program Files\SplunkUniversalForwarder\etc\apps otherwise it is C:\Program Files\Splunk\etc\apps.
  5. Restart Splunk. See "Start and stop Splunk" in the Admin Manual.
    In %SPLUNK_HOME%\bin run the command splunk restart. You can also use Windows services and select Start > Administrative Tools > Services > Splunkd restart.

You have now configured the Splunk App for VMware to collect log data from your Windows vCenter servers and to forward the data from vCenter to your Splunk Indexers or combined Indexer Search Head(s).

Last modified on 10 July, 2014
PREVIOUS
Configure Splunk for ESXi logs 		  NEXT
Collect VMware vCenter Server Linux Appliance log data

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.0, 3.0.1, 3.0.2, 3.1

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters