Configure performance metrics collection
Manage data volumes for your deployment
Control the type and quantity of data that comes into the Splunk App for VMware. Collecting the correct type of data and limiting the quantity of data that you collect are important because data volumes can affect your licensing requirements.
Typically, Splunk App for VMware collects approximately 300MB of data per host per day.
See "Data volume requirements" in this topic for information on how to calculate the estimated peak data volume for your environment.
As a systems administrator, you can limit data volume in the following ways.
- Reduce the number of hosts from which you collect data.
- Reduce the number of performance metrics you collect.
- Use NullQueue to filter log data.
Data volume requirements
Test results show that you can expect to collect approximately 300 MB of data per host per day from your environment. This number varies depending on the volume of log data you collect and the number of virtual machines that reside on a host. In a typical environment this number lies between 250MB-350MB. See the information below for further details.
Collected data type | Data volume |
---|---|
Total vCenter logs | 15 MB of data per host per day per vCenter. For example, 750MB in a 50 host environment. |
ESXi host logs | 185 MB of data per host per day. (In a typical environment this number can range from 135MB to 235M of data, but it can vary widely depending on your environment). |
Total API data per host | 10 MB of data per host per day. |
Total API data per virtual machine | 3 MB of data per day, |
Configure the performance metrics collected
Configure performance metrics collection using regular expressions in the configuration file ta_vmware_collection.conf
on the scheduler. The Distributed Collection Scheduler resides on the search head, or on a separate machine in order to distribute processing load. By default, all performance metrics are collected. See "Collection configuration reference" to see a sample ta_vmware_collection.conf
file.
To change the default configuration, create the file
SPLUNK_HOME/etc/apps/Splunk_TA_vmware/local/ta_vmware_collection.conf
.
SPLUNK_HOME/etc/apps/Splunk_TA_vmware/default/ta_vmware_collection.conf
lists all of the settings.
Set whitelists for performance metrics for hosts, virtual machines, resource pools and clusters in the configuration file.
The file must have a default
stanza followed by one or more of the following configurations.
- Host metrics. Set a regular expression for the attribute host_instance_whitelist.
- Virtual machine metrics. Set a regular expression for the attribute vm_instance_whitelist.
- Resource pool metrics. Set a regular expression for the attribute rp_instance_whitelist.
- Cluster metrics. Set a regular expression for the attribute cluster_instance_whitelist.
The following code sample shows a configuration that limits host and virtual machine performance metrics to CPU metrics only.
[default] host_instance_whitelist = ^p_[^_]*_cpu.* vm_instance_whitelist = ^p_[^_]*_cpu.*
Filter log data collection | Configure data collection for hosts |
This documentation applies to the following versions of Splunk® App for VMware (Legacy): 3.3.1
Feedback submitted, thanks!