The Collection Configuration dashboard

The Data Collection Nodes panel

Look here for more details and explanation on adding, deleting, and editing data collection nodes.

Field	Description
+	Add a new node.
node box	Nodes configured in your environment. The nodes may or may not be working. The status of a node is always displayed. A green check box indicates that the node has passed all the validation checks. A red x indicates that something is wrong.
Node management URI	This is the URI of the selected node. Validation is enforced on the device management URI as Splunk expects a certain protocol. You must specify the full management URI of the Splunk installation. This is comprised of the protocol (https is required) , the address, and the port number for the management URI. For example, <code>https://testnode1:8089</code>. Do this in the Create new Collection Node dialog.
Sync	Run validation on the node.
Pencil	Edit settings for the selected node.
Trash can	Delete the selected node.
Splunk Forwarder Username	The username for the selected node. The default username is `admin`.
Worker processes	This is the number of processes you want to run on the Data Collection Node to process the data and forward it to the Indexer(s). This is remote forwarder management. The minimum number of processes you can run in 1 and the maximum number is 8. Configure this when you create a new node or edit the settings of an existing node. Each time you access a node, the credentials for that node are validated.
Credential Validation	Green check mark indicates valid. Red X indicates a problem.
Add-on Validation	Green check mark indicates valid. Red X indicates a problem. Add-on Validation validates that all the Add-ons are installed on the node. It does not validate the build number of the installed apps.

Virtual Centers panel

Look here for details on how to add, delete, and edit vCenter settings.

Field	Description
+	Add a new Virtual Center.
nodes	vCenter Servers configured in your environment. The status of a vCenter is always displayed. A green check box indicates that the node has passed all the validation checks. A red x indicates that there is a problem.
Virtual Center Domain	This is the domain name of the selected vCenter, for example, `test-vcenter100`. Specify the full protocol and the port number for the management URI. Do this in the Collect from New Virtual Center pop-up.
Sync	Run validation on the selected vCenter.
Pencil	Edit settings for the selected vCenter.
Trash can	Delete the selected vCenter.
VC Username	The username for the selected vCenter. The default username is `admin`.
Collecting from	This is a number that links to the list of hosts that you have configured to collect data. Click on the link to show the host list.
VC Credential validation	A green check mark indicates a valid credentials check. A red X indicates a problem accessing the vCenter.

Stop Schduler/ Start Scheduler - Click this button to start collecting data from your environment. Note that if the Distributed Collection Scheduler is running and you want to add another vCenter to the Collection Configuration, stop the Distributed Collection Scheduler and restart it so that the new vCenter can be included.

Create New Collection Node

Field	Description
Splunk Forwarder URI	This is the URI to the Splunk forwarder on your data collection node. Communication happens on port 8089. Enter the URI in the format https://<ipaddress>:8089
Splunk Forwarder Username	The forwarder username.
Splunk Forwarder password	The forwarder password.
Worker Processes	These are the worker processes that run on the node to do data collection tasks. They are managed directly by the Distributed Collection Scheduler. The maximum number you can have is 8 unless you do some advance configuration.

Collect from New Virtual Center

Field	Description
Virtual Center FQDN	Fully qualified domain name for the vCenter.
VC username	The username used to access the vCenter.
VC Password	This is the password for the vCenter.
Collect VC logs	vCenter logs are not collected by default. Check the box to collect vCenter logs. More fields are displayed to gather the required information needed to collect the data. Provide the vCenter Splunk forwarder URI (specify the full protocol (https is required), the address, and the port number for the management URI) Provide the associated vCenter Splunk forwarder username and password. This is used to enable the search head to configure TA-vCenter on the vCenter.
VC Splunk forwarder URI	For example: https://test-vcenter100:8089 Universal Forwarders have a default port of 8089 (Sometimes on Windows port 8090 is used as the Splunk managment port).
VC Splunk forwarder Username	For example, the default admin.
VC Splunk forwarder password	For example, the default changeme. When installing a forwarder on the vCenter, change the Splunk admin default password.
Collect from all hosts	Check the box to collect data from all hosts managed by the vCenter. When the box is unchecked you can specify the hosts you want to include in your environment. The Host Whitelist Regex and Host Blacklist Regex fields are displayed to enable you to filter host selection.
Host Whitelist Regex	Only available if "Collect from all hosts" is not selected. Use regex syntax. This only has an impact on performance data collection. It provides more control over the granularity of data collection from the hosts. Data is only collected from the hosts matching the criteria specified here.
Host Blacklist Regex	Only available if "Collect from all hosts" is not selected. Use Regex syntax. This only has an impact on performance data collection. It provides more control over the granularity of the data collected from the hosts. Data is not collected from the hosts matching the criteria specified here.

Related answers from Splunk Community

The Collection Configuration dashboard

The Data Collection Nodes panel

Virtual Centers panel

Create New Collection Node

Collect from New Virtual Center

Comments

The Collection Configuration dashboard

Was this topic useful?