Splunk® App for VMware (Legacy)

Configuration Guide

On August 31, 2022, the Splunk App for VMware will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for VMware Dashboards and Reports.

Configure and deploy the Splunk App for VMware

Configure and deploy the Splunk App for VMware either as a single-server deployment or as a distributed deployment.

Single server deployment

Install the Splunk App for VMware and the Splunk Add-on for VMware on a single Splunk platform indexer or search head. The server communicates to data collection nodes to collect vCenter Server API data.

Distributed deployment

In a distributed deployment, the components of the Splunk App for VMware and the Splunk Add-on for VMware are installed across your search heads, indexers and forwarders. The data collection node forwards the data to the indexers. Use the search head to search the data and to view the app dashboards.

Data collection architecture

After you install Splunk Add-on for VMware, configure the Collection Configuration dashboard to collect data from your environment. This dashboard lets you manage the data collection nodes and specify the vCenter Servers and ESXi hosts from which you collect data.

A data collection node collects API data from vCenter Server. Worker processes on the data collection node, implemented as modular inputs, retrieve the data. Use the Collection Configuration dashboard to collect data so that the data collection node can send data to your indexers.

To collect API data, install Splunk App for VMware on a Splunk Enterprise search head. This installation must include the app, the technology add-ons, and the supporting add-ons. It must also include the scheduling components that manage data collection tasks for the API data. The Collection Configuration dashboard coordinates the flow of data with the data collection nodes

An example deployment of the Splunk App for VMware

A typical deployment contains the following components.

Component Description
vCenter Server The VMware vCenter Server system that manages your virtual infrastructure. It monitors and manages the ESXi hosts in your environment. The Splunk App for VMware uses the VMware vSphere API to get data from vCenter Server. The data collection node communicates with the vCenter Server API to collect data. Install a Splunk Universal Forwarder on vCenter Server to collect vCenter Server data.
ESXi hosts Virtual hosts that run on the VMware ESXi hypervisor architecture. vCenter Server monitors and manages these hosts.
Splunk platform search head Install the Splunk App for VMware and the Splunk Add-on for VMware on a search head running Splunk Enterprise version 7.1.0 or later, and use Splunk Web to run searches on the data and view the app dashboards. The default scheduled searches run on the search head to query data on the indexers. The search head stores the search results for later use or displays the results in the app dashboards. The app contains the UI components, the searches, and the indexing definitions for your vCenter Server data. The app installation includes the Distributed Collection Scheduler (SA-Hydra version 4.1.1) and SA-VMNetAppUtils version 1.0.6. Splunk App for VMware cannot schedule jobs without the SA-Hydra component.
Splunk indexer A Splunk platform instance, see the Component version compatibility table on the Platform and hardware requirements page for platform instance version compatibility. Install Install SA-VMWIndex, Splunk_TA_vcenter and Splunk_TA_esxilogs on each of your indexers.
Data Collection Node (DCN) Makes API calls to the vCenter Server to collect data from it. The DCN must have network access both to your vCenter server and the search head that hosts the Collection Configuration dashboard. You can create a DCN with the Splunk OVA for VMware to deploy a Data Collection Node in your VMware vSphere environment. See the Requirements section of the Splunk OVA for VMware manual for package contents.
Collection Configuration dashboard Runs on a Splunk platform search head in stand alone environments, or on a separate machine where the Splunk Add-on for VMware has been configured as a scheduler.

It uses one or more DCNs to manage API data collection from vCenter server. After you deploy a DCN, use the Collection Configuration dashboard to configure the DCN for data collection. In large, complex Splunk platform deployments, install the Distributed Collection Scheduler on a dedicated Splunk Enterprise instance to distribute the data collection load.

Build your deployment

Once you have the deployment described above, use this Configuration Guide to build a deployment that best meets your needs.

Get support for Splunk App for VMware

To get help with Splunk App for VMware,

Last modified on 13 April, 2022
  Learn more and how to get help

This documentation applies to the following versions of Splunk® App for VMware (Legacy): 4.0.4

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters