The Collection Configuration dashboard
The Data Collection Nodes panel
Look here for more details and explanation on adding, deleting, and editing data collection nodes.
Field | Description |
---|---|
+ | Add a new node. |
node box | Nodes configured in your environment. The nodes may or may not be working. The status of a node is always displayed. A green check box indicates that the node has passed all the validation checks. A red x indicates that something is wrong. |
Node management URI | This is the URI of the selected node. Validation is enforced on the device management URI as Splunk expects a certain protocol. You must specify the full management URI of the Splunk installation. This is comprised of the protocol (https is required) , the address, and the port number for the management URI. For example, <code>https://testnode1:8089</code>. Do this in the Create new Collection Node dialog. |
Sync | Run validation on the node. |
Pencil | Edit settings for the selected node. |
Trash can | Delete the selected node. |
Splunk Forwarder Username | The username for the selected node. The default username is admin .
|
Worker processes | This is the number of processes you want to run on the Data Collection Node to process the data and forward it to the Indexer(s). This is remote forwarder management. The minimum number of processes you can run in 1 and the maximum number is 8. Configure this when you create a new node or edit the settings of an existing node.
Each time you access a node, the credentials for that node are validated. |
Credential Validation | Green check mark indicates valid. Red X indicates a problem. |
Add-on Validation | Green check mark indicates valid. Red X indicates a problem. Add-on Validation validates that all the Add-ons are installed on the node. It does not validate the build number of the installed apps. |
Virtual Centers panel
Look here for details on how to add, delete, and edit vCenter settings.
Field | Description |
---|---|
+ | Add a new Virtual Center. |
nodes | vCenter Servers configured in your environment. The status of a vCenter is always displayed. A green check box indicates that the node has passed all the validation checks. A red x indicates that there is a problem. |
Virtual Center Domain | This is the domain name of the selected vCenter, for example, test-vcenter100 . Specify the full protocol and the port number for the management URI. Do this in the Collect from New Virtual Center pop-up.
|
Sync | Run validation on the selected vCenter. |
Pencil | Edit settings for the selected vCenter. |
Trash can | Delete the selected vCenter. |
VC Username | The username for the selected vCenter. The default username is admin .
|
Collecting from | This is a number that links to the list of hosts that you have configured to collect data. Click on the link to show the host list. |
VC Credential validation | A green check mark indicates a valid credentials check. A red X indicates a problem accessing the vCenter. |
Stop Schduler/ Start Scheduler - Click this button to start collecting data from your environment. Note that if the Distributed Collection Scheduler is running and you want to add another vCenter to the Collection Configuration, stop the Distributed Collection Scheduler and restart it so that the new vCenter can be included.
Create New Collection Node
Field | Description |
---|---|
Splunk Forwarder URI | This is the URI to the Splunk forwarder on your data collection node. Communication happens on port 8089. Enter the URI in the format https://<ipaddress>:8089 |
Splunk Forwarder Username | The forwarder username. |
Splunk Forwarder password | The forwarder password. |
Worker Processes | These are the worker processes that run on the node to do data collection tasks. They are managed directly by the Distributed Collection Scheduler. The maximum number you can have is 8 unless you do some advance configuration. |
Collect from New Virtual Center
Field | Description |
---|---|
Virtual Center FQDN | Fully qualified domain name for the vCenter. |
VC username | The username used to access the vCenter. |
VC Password | This is the password for the vCenter. |
Collect VC logs | vCenter logs are not collected by default. Check the box to collect vCenter logs. More fields are displayed to gather the required information needed to collect the data.
|
VC Splunk forwarder URI | For example:
https://test-vcenter100:8089 Universal Forwarders have a default port of 8089 (Sometimes on Windows port 8090 is used as the Splunk managment port). |
VC Splunk forwarder Username | For example, the default admin. |
VC Splunk forwarder password | For example, the default changeme. When installing a forwarder on the vCenter, change the Splunk admin default password. |
Collect from all hosts | Check the box to collect data from all hosts managed by the vCenter. When the box is unchecked you can specify the hosts you want to include in your environment. The Host Whitelist Regex and Host Blacklist Regex fields are displayed to enable you to filter host selection. |
Host Whitelist Regex | Only available if "Collect from all hosts" is not selected. Use regex syntax. This only has an impact on performance data collection. It provides more control over the granularity of data collection from the hosts. Data is only collected from the hosts matching the criteria specified here. |
Host Blacklist Regex | Only available if "Collect from all hosts" is not selected. Use Regex syntax. This only has an impact on performance data collection. It provides more control over the granularity of the data collected from the hosts. Data is not collected from the hosts matching the criteria specified here. |
How Splunk for VMware works | Data collection configuration files |
This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.1
Feedback submitted, thanks!