Splunk® App for VMware (Legacy)

Installation and Configuration Guide

On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.

Setup Requirements

Check that you have satisfied the setup requirements

On vCenter:

  • Install the missing VMware WSDL files. vSphere 5.0 and 5.0 update 1 update are missing two WSDL files that are required for the app to make API calls to vCenter. Install the VMware WSDL files as documented in the vSphere Web Services SDK WSDL workaround in the VMware documentation.
    • The missing files are: reflect-message.xsd, reflect-types.xsd, but to be safe, just overwrite all. NOTE: The programdata folder under C:\ is usually a hidden folder.
  • Check that you have a Universal Forwarder installed on the Windows vCenter machine and enable forwarding to forward the data to your central Splunk indexer. See "Install a Universal Forwarder on Windows" in the Forwarding Data manual.

On your indexer/search head:

  • Check that you have Splunk Enterprise version 6.0.2 or later installed in a Unix or Linux environment.
  • Check that you have the latest version of SA-Hydra (version 4.0.0) and SA-Utils (version 3.1.0).
  • Check that your licensing volume can support approximately 300 MB per host per day. See "Splunk app for VMware indexing data volumes".
  • Set up a receiving port (for example 9997) so that you can send data to it.
  • Know the administration credentials for Splunk (search head and indexers).

Configure ESXi log collection

  • Enable UDP and TCP ports on ESXi hosts.

Get a data collection node:

On the data collection node:

  • For the pre-packaged OVA, know the default splunkadmin credentials (splunkadmin/changeme and root/changemenow).
  • Check that you have Splunk Enterprise version 6.0.2 or later installed in a Unix or Linux environment.
  • Check that you have the latest version of SA-Hydra (version 4.0.0) and SA-Utils (version 3.1.0).
  • Set up forwarding to the indexers.
Last modified on 28 January, 2015
Splunk App for VMware Architecture   System Requirements

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters