Splunk® App for VMware (Legacy)

Installation Guide

On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for VMware (Legacy). For documentation on the most recent version, go to the latest release.

Configure the data collection node and system settings

Update the DCN settings so that it works with the Splunk App for VMware. When you used vCenter Server to deploy the OVA file, you created one or more Data Collection Node (DCNs) for your environment. See "Deploy OVA to create a Data Collection Node".

Note: In a Search Head Clustering (SHC) deployment, the DCN Scheduler must not be deployed on any individual Search Head in the SHC. The DCN Scheduler must be deployed on a dedicated search head.

Configure the DCN system settings

To maintain a successful connection to the Splunk Enterprise search head, configure the DCN virtual appliance to use a static IP address and host name.

  1. Log in to the DCN. Use the default DCN login credentials to make operating system level changes. The default credentials are root/changemenow.
  2. Connect to the data collection node.
    • If you have DHCP on your network, when you first power on the DCN it shows a temporary IP address. You can find the IP address through the vCenter console Summary page for the virtual machine. Use SSH to remotely connect to the DCN.
    • If the network can not automatically assign an IP address to the DCN on start up, or if you cannot access the DCN using SSH, open a vCenter console to connect to the DCN virtual machine.
  3. Set the root password to a secure value.
    passwd
  4. Manually configure the host name, IP address, and network settings for the DCN.
  5. Write a static IP address and netmask to the file /etc/sysconfig/network-scripts/ifcfg-eth0.
    cd /etc/sysconfig/network-scripts
    echo DEVICE=eth0 > ifcfg-eth0
    echo ONBOOT=yes >> ifcfg-eth0
    echo BOOTPROTO=static >> ifcfg-eth0
    ifconfig eth0 | grep HWaddr | sed -e 's/.*HWaddr /HWADDR=/' >> ifcfg-eth0
    echo IPADDR=[your IP address] >> ifcfg-eth0
    echo NETMASK=[your netmask] >> ifcfg-eth0
    cat /etc/sysconfig/network-scripts/ifcfg-eth0 
  6. Configure network settings.
    cd /etc/sysconfig
    echo NETWORKING=yes > network
    echo HOSTNAME=[your hostname] >> network
    echo GATEWAY=[your gateway] >> network
    cat /etc/sysconfig/network
  7. Configure the Domain Name System (DNS).
    echo "search yourdomain.com" > /etc/resolv.conf
    echo "nameserver [IP address of your nameserver]" >> /etc/resolv.conf
    echo "nameserver [IP address of your nameserver]" >> /etc/resolv.conf
    cat /etc/resolv.conf
  8. Restart the DCN to accept the new configuration settings.
    reboot
    Next, configure the DCNs to work with Splunk Enterprise.

    Configure the DCN for your Splunk Enterprise environment

    You configured the Data Collection Node (DCN) system settings, as described in Configure the data collection node and system settings . Now configure the Splunk Enterprise connection settings for each DCN that you deployed in your environment.

    1. Use SSH to remotely connect to to the DCN using the Splunk Enterprise admin operating system credentials splunkadmin/changeme.
    2. Set the splunkadmin password to a secure value.
    3. From the command line, start Splunk Enterprise.
      splunk start --accept-license
    4. Enable Splunk Enterprise to start at reboot.
      splunk enable boot-start
    5. Set outputs to use Splunk Enterprise indexers. For each data collection node, set up forwarding to the port on which the Splunk indexer is configured to receive data. By convention, indexers listen on port 9997.
    6. Check that your indexers are listening on port 9997, or whichever port you set for the data collection node outputs.
      splunk add forward-server <ip_address:9997>
    7. Confirm that the outputs you configured are correct.
      splunk list forward-server
    8. Change the password of the admin user account. These user credentials enable you to connect to Splunk Enterprise.
      splunk edit user admin -role admin -auth admin:changeme -password <new_password>
    9. Restart Splunk Enterprise.
      splunk restart
    10. Log out of the DCN.

    Next, log in to the Splunk search head and configure the data collection node to collect API data from your vCenter environment. See "Configure Splunk App for VMware to collect data from vCenter Server".

    Configure the Splunk OVA to a partition (Optional)

    If your Splunk OVA needs more than 10GB of storage space, create a partition on the OVA machine, and have SPLUNK_DB point to that partition.

    1. Create a new partition on the OVA machine.
    2. Point SPLUNK_DB to your new partition.

    After your partition is created, point SPLUNK_DB to the partition. To learn how to point SPLUNK_DB to your new partition, see Move the index database.

Last modified on 29 September, 2016
Deploy the Splunk OVA for VMware to create a Data Collection Node   Configure Splunk App for VMware to collect data from vCenter Server

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.3.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters