Splunk® App for VMware (Legacy)

Installation and Configuration Guide

On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.

System Requirements

Splunk requirements to run the app

  • Splunk version 6.0.2 or later running on Splunk indexers and search heads (in a Unix or Linux environment only) . See "System requirements" in the Splunk Installation Manual.
  • A default Splunk configuration with a Splunk Enterprise licensing volume that can support approximately 300 MB of data per host per day.
  • Resource Splunk indexers according to Splunk best practices.

Distributed Collection Scheduler requirements

These supporting add-ons support the Distributed Collection Scheduler in the Splunk App for VMware. They are versioned separately to the Splunk App for VMware. It is important to note the versions installed if you have Splunk App for NetApp ONTAP installed as it also uses the Distributed Collection Scheduler. See "Requirements for installing with other apps".

  • SA-Hydra version 4.0.0.
  • SA-Utils version 3.1.0.

VMware versions Supported

  • VMware vSphere versions 4.1, 5.0, 5.0 Update 1, version 5.1, and version 5.5.
    • There is a bug in VMware vSphere version 5.0 and all updates to version 5.0. Two WSDL files required by the Splunk App for VMware to make API calls to vCenter are missing. During the installation process get the vSphere Web Services SDK WSDL workaround and put the files on your vCenter.
  • ESXi 4.1, 5.0, 5.0 Update 1, 5.1 and 5.5 on 64-bit x86 CPUs.
  • Windows vCenter server.
    • Use the Windows based vCenter server to collect vCenter log data.
  • Linux-based vCenter Server Appliance.
  • vCenter servers configured in linked mode.
    • Add each vCenter instance inside the linked pool individually to the Collection Configuration dashboard, as is done for vCenters not in linked mode. The Splunk App for VMware only collects API data for those vCenter instances, in the linked pool, that you individually added to the Collection Configuration dashboard in the app. It does not recognize vCenter servers in the linked pool that have not been added to the data collection configuration.

Browsers supported

The Splunk App for VMware supports the browser versions listed below:

  • Firefox (latest)
  • Internet Explorer 9 and 10
  • Safari (latest)
  • Chrome (latest)

Note: The Splunk App for VMware does not support IE 8 and does not work in IE 9 Compatibility mode.

Splunk App for VMware data volume requirements

Test results show that you can expect to collect approximately 300 MB of data per host per day from your environment. This number varies depending on the volume of log data you collect and the number of virtual machines that reside on a host. In a typical environment this number lies between 250MB-350MB. See the information below for further details.

Collected data type Data volume
Total vCenter logs 15 MB of data per host per day per vCenter. For example, 750MB in a 50 host environment.
ESXi host logs 185 MB of data per host per day. (In a typical environment this number can range from 135MB to 235M of data, but it can vary widely depending on your environment).
Total API data per host 10 MB of data per host per day.
Total API data per virtual machine 3 MB of data per day,

Splunk data collection node resource requirements

The default OVA provided as part of the download is pre-configured with resources set according to the requirements below. Follow the Resource requirements below to configure your own data collection node.

Resource requirements

A single data collection node requires:

  • 4 cores - 4 vCPUs or 2 vCPUs with 2 cores with a reservation of 2 GHz.
  • 6GB memory with a reservation of 1 GB.
  • 4-10 GB of disk space. The default virtual machine that Splunk provides already has this set.

At these requirements, one data collection node can collect from 40 ESXi hosts. This is a safe recommendation. That is,1 core per 10 ESXi hosts.

Software requirements

A single data collection node requires:

  • A Splunk supported version of CentOS or RedHat Enterprise Linux (RHEL) that is supported by Splunk Enterprise version version 6.0.1 or later.
  • A Splunk Enterprise heavy forwarder or light forwarder, version 6.0.1 or later. This is a minimum Splunk requirement for the Splunk App for VMware. (Python is required.)
  • The Splunk App for VMware app components SA-Hydra version 4.0.0, SA-Utils version 3.1.0, and Splunk_TA_vmware.
Last modified on 13 March, 2015
Setup Requirements   Plan your deployment

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters