Splunk® App for VMware (Legacy)

Installation and Configuration Guide

On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.

The Collection Configuration dashboard

The Data Collection Nodes panel

Look here for more details and explanation on adding, deleting, and editing data collection nodes.

Field Description
+ Add a new node.
node box Nodes configured in your environment. The nodes may or may not be working. The status of a node is always displayed. A green check box indicates that the node has passed all the validation checks. A red x indicates that something is wrong.
Node management URI This is the URI of the selected node. Validation is enforced on the device management URI as Splunk expects a certain protocol. You must specify the full management URI of the Splunk installation. This is comprised of the protocol (https is required) , the address, and the port number for the management URI. For example, <code>https://testnode1:8089</code>. Do this in the Create new Collection Node dialog.
Sync Run validation on the node.
Pencil Edit settings for the selected node.
Trash can Delete the selected node.
Splunk Forwarder Username The username for the selected node. The default username is admin.
Worker processes This is the number of processes you want to run on the Data Collection Node to process the data and forward it to the Indexer(s). This is remote forwarder management. The minimum number of processes you can run in 1 and the maximum number is 8. Configure this when you create a new node or edit the settings of an existing node.

Each time you access a node, the credentials for that node are validated.

Credential Validation Green check mark indicates valid. Red X indicates a problem.
Add-on Validation Green check mark indicates valid. Red X indicates a problem. Add-on Validation validates that all the Add-ons are installed on the node. It does not validate the build number of the installed apps.

Virtual Centers panel

Look here for details on how to add, delete, and edit vCenter settings.

Field Description
+ Add a new Virtual Center.
nodes vCenter Servers configured in your environment. The status of a vCenter is always displayed. A green check box indicates that the node has passed all the validation checks. A red x indicates that there is a problem.
Virtual Center Domain This is the domain name of the selected vCenter, for example, test-vcenter100. Specify the full protocol and the port number for the management URI. Do this in the Collect from New Virtual Center pop-up.
Sync Run validation on the selected vCenter.
Pencil Edit settings for the selected vCenter.
Trash can Delete the selected vCenter.
VC Username The username for the selected vCenter. The default username is admin.
Collecting from This is a number that links to the list of hosts that you have configured to collect data. Click on the link to show the host list.
VC Credential validation A green check mark indicates a valid credentials check. A red X indicates a problem accessing the vCenter.


Stop Schduler/ Start Scheduler - Click this button to start collecting data from your environment. Note that if the Distributed Collection Scheduler is running and you want to add another vCenter to the Collection Configuration, stop the Distributed Collection Scheduler and restart it so that the new vCenter can be included.

Create New Collection Node

Field Description
Splunk Forwarder URI This is the URI to the Splunk forwarder on your data collection node. Communication happens on port 8089. Enter the URI in the format
https://<ipaddress>:8089
Splunk Forwarder Username The forwarder username.
Splunk Forwarder password The forwarder password.
Worker Processes These are the worker processes that run on the node to do data collection tasks. They are managed directly by the Distributed Collection Scheduler. The maximum number you can have is 8 unless you do some advance configuration.

Collect from New Virtual Center

Field Description
Virtual Center FQDN Fully qualified domain name for the vCenter.
VC username The username used to access the vCenter.
VC Password This is the password for the vCenter.
Collect VC logs vCenter logs are not collected by default. Check the box to collect vCenter logs. More fields are displayed to gather the required information needed to collect the data.
  • Provide the vCenter Splunk forwarder URI (specify the full protocol (https is required), the address, and the port number for the management URI)
  • Provide the associated vCenter Splunk forwarder username and password. This is used to enable the search head to configure TA-vCenter on the vCenter.
VC Splunk forwarder URI For example:
https://test-vcenter100:8089

Universal Forwarders have a default port of 8089 (Sometimes on Windows port 8090 is used as the Splunk managment port).

VC Splunk forwarder Username For example, the default admin.
VC Splunk forwarder password For example, the default changeme. When installing a forwarder on the vCenter, change the Splunk admin default password.
Collect from all hosts Check the box to collect data from all hosts managed by the vCenter. When the box is unchecked you can specify the hosts you want to include in your environment. The Host Whitelist Regex and Host Blacklist Regex fields are displayed to enable you to filter host selection.
Host Whitelist Regex Only available if "Collect from all hosts" is not selected. Use regex syntax. This only has an impact on performance data collection. It provides more control over the granularity of data collection from the hosts. Data is only collected from the hosts matching the criteria specified here.
Host Blacklist Regex Only available if "Collect from all hosts" is not selected. Use Regex syntax. This only has an impact on performance data collection. It provides more control over the granularity of the data collected from the hosts. Data is not collected from the hosts matching the criteria specified here.
Last modified on 05 April, 2014
How Splunk for VMware works   Data collection configuration files

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters