Splunk® App for VMware

Installation Guide

Download manual as PDF

Download topic as PDF

Collect VMware vCenter Server Linux Appliance log data

Use Splunk App for VMware with the Splunk Add-on for VMware to collect logs from the VMware vCenter Server Linux Appliance. The Splunk Add-on for VMware stores VMware vCenter Server Linux Appliance logs in /var/log/vmware.

Export vCenter logs to an external system

  1. Enable the VMware vCenter Server Appliance to store log files on NFS storage on a system on which you have installed Splunk Enterprise as a heavy forwarder or as a light forwarder. See the "Create NFS Datastore in the vSphere Client" in the VMware vSphere documentation.
  2. On the system on which you have installed the Splunk Enterprise forwarder, install Splunk_TA_vCenter.
  3. Copy the inputs.conf file from $SPLUNK_HOME/etc/Splunk_TA_vCenter/default then paste it into the $SPLUNK_HOME/etc/Splunk_TA_vCenter/local folder and open file.
  4. Optional If you configured Splunk Enterprise as a heavy forwarder and you want to monitor the license file and and tomcat configuration files, edit the following stanzas in the props.conf file:
    a. Copy the $SPLUNK_HOME/etc/Splunk_TA_vCenter/default/props.conf file, then paste into the $SPLUNK_HOME/etc/Splunk_TA_vCenter/local folder.
  5. Start Splunk Enterprise.


Forward VMware vCenter Linux appliance logs to Splunk Enterprise

To forward VMware vCenter Linux appliance logs to your Splunk Enterprise indexers or search head, install a Splunk Enterprise forwarder on the VMware vCenter Linux appliance. Access to vCSA shell access must be enabled.

  1. Install a Splunk forwarder on the VMware vCenter Server Appliance.
  2. Install Splunk_TA_vCenter on the Splunk Enterprise forwarder.
    1. Get the Splunk_TA_vcenter-<version>-<build_number>.zip file from the download package and place it on vCenter.
    2. Unzip the Splunk App for VMware package.
    cd /opt/splunkforwarder
    Splunk_TA_vcenter-<version>-<build_number>.zip
    1. Verify that you extracted the Splunk_TA_vcenter/… in the $SPLUNK_HOME/etc/apps directory.
  3. Copy the inputs.conf file from $SPLUNK_HOME/etc/Splunk_TA_vCenter/default then paste it into the $SPLUNK_HOME/etc/Splunk_TA_vCenter/local folder and open file.
  4. Start your Splunk Universal Forwarder.
Last modified on 12 September, 2017
PREVIOUS
Configure Splunk App for VMware to collect data from vCenter Server
  NEXT
Troubleshoot Splunk App for VMware

This documentation applies to the following versions of Splunk® App for VMware: 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.7


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters