Splunk® App for VMware (Legacy)

Installation Guide

Acrobat logo Download manual as PDF


On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Configure the data collection node and system settings

Update the DCN settings so that it works with the Splunk App for VMware. When you used vCenter Server to deploy the OVA file, you created one or more Data Collection Node (DCNs) for your environment. See "Deploy OVA to create a Data Collection Node".

Note: In a Search Head Clustering (SHC) deployment, the DCN Scheduler must not be deployed on any individual Search Head in the SHC. The DCN Scheduler must be deployed on a dedicated search head.

Configure the DCN system settings

To maintain a successful connection to the Splunk Enterprise search head, configure the DCN virtual appliance to use a static IP address and host name.

1. Log in to the DCN. Use the default DCN login credentials to make operating system level changes. The default credentials are root/changemenow.

2. Connect to the data collection node.

  • If you have DHCP on your network, when you first power on the DCN it shows a temporary IP address. You can find the IP address through the vCenter console Summary page for the virtual machine. Use SSH to remotely connect to the DCN.
  • If the network can not automatically assign an IP address to the DCN on start up, or if you can not access the DCN using SSH, open a vCenter console to connect to the DCN virtual machine.

3. Set the root password to a secure value.

passwd

4. Manually configure the host name, IP address, and network settings for the DCN.

a. Write a static IP address and netmask to the file /etc/sysconfig/network-scripts/ifcfg-eth0.
cd /etc/sysconfig/network-scripts
echo DEVICE=eth0 > ifcfg-eth0
echo ONBOOT=yes >> ifcfg-eth0
echo BOOTPROTO=static >> ifcfg-eth0
ifconfig eth0 | grep HWaddr | sed -e 's/.*HWaddr /HWADDR=/' >> ifcfg-eth0
echo IPADDR=[your IP address] >> ifcfg-eth0
echo NETMASK=[your netmask] >> ifcfg-eth0
cat /etc/sysconfig/network-scripts/ifcfg-eth0 
b. Configure network settings.
cd /etc/sysconfig
echo NETWORKING=yes > network
echo HOSTNAME=[your hostname] >> network
echo GATEWAY=[your gateway] >> network
cat /etc/sysconfig/network
c. Configure the Domain Name System (DNS).
echo "search yourdomain.com" > /etc/resolv.conf
echo "nameserver [IP address of your nameserver]" >> /etc/resolv.conf
echo "nameserver [IP address of your nameserver]" >> /etc/resolv.conf
cat /etc/resolv.conf
d. Restart the DCN to accept the new configuration settings.
reboot

Next, configure the DCNs to work with Splunk Enterprise. See "Configure the DCN for your Splunk Enterprise environment ."

Configure the DCN for your Splunk Enterprise environment

You configured the Data Collection Node (DCN) system settings, as described in "Configure the data collection node and system settings ". Now configure the Splunk Enterprise connection settings for each DCN that you deployed in your environment.

1. Use SSH to remotely connect to to the DCN using the Splunk Enterprise admin operating system credentials splunkadmin/changeme. These credentials have the $SPLUNK_HOME and path settings that allow you run Splunk Enterprise commands from the command line interface.

2. Set the splunkadmin password to a secure value.

3. From the command line, start Splunk Enterprise.

splunk start --accept-license

4. Enable Splunk Enterprise to start at reboot.

splunk enable boot-start

5. Set outputs to use Splunk Enterprise indexers. For each data collection node, set up forwarding to the port on which the Splunk indexer(s) is configured to receive data. By convention, indexers listen on port 9997. Check that your indexers are listening on port 9997, or whichever port you set for the data collection node outputs.

splunk add forward-server <ip_address:9997>

6. Confirm that the outputs you configured are correct.

splunk list forward-server

7. Change the password of the admin user account. These user credentials enable you to connect to Splunk Enterprise.

splunk edit user admin -role admin -auth admin:changeme -password <new_password>

8. Restart Splunk Enterprise.

splunk restart

9. Log out of the DCN.

Next, log in to the Splunk search head and configure the data collection node to collect API data from your vCenter environment. See "Configure Splunk App for VMware to collect data from vCenter Server".

Configure the Splunk OVA to a partition (Optional)

if your Splunk OVA needs more than 10GB of storage space, you need to create a new partition on the OVA machine, and have SPLUNK_DB point to that partition.

1. Create a new partition on the OVA machine

Go to Managing Disk Storage to learn how to create a new partition.

2. Point SPLUNK_DB to your new partition

Once your new partition has been created, point SPLUNK_DB to the newly-created partition. To learn how to point SPLUNK_DB to your new partition, read "Move the index database".

Last modified on 22 June, 2016
PREVIOUS
Deploy OVA to create a Data Collection Node 		  NEXT
Configure Splunk App for VMware to collect data from vCenter Server

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.2.1, 3.2.2

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters