Splunk® Supported Add-ons

Splunk Add-on for vCenter Logs

Set up your system for the Splunk Add-on for vCenter Logs

Configure ports to collect log data from the vCenter server

Review this information on how the entities in an environment communicate.

Sender Receiver Port number Description
vCenter server Splunk indexer 9997 To send log data from the vCenter Server system on port 9997, install the Splunk universal forwarder and the Splunk_TA_vcenter package on the vCenter Server system. If firewall issues prevent you from installing the Splunk Add-on for vCenter Logs components on vCenter Server, forward the vCenter Server log data to the data collection node (DCN). The DCN contains all of the components required to collect vCenter Server log data. Forward this data from the DCN to Splunk indexers.
vCenter server DCN/syslog server TCP port 1517 To send log data from vCenter Linux Server on port 1517 use Syslog-ng/rsyslog. See Collect vCenter Server Appliance logs via syslog<add-link>

Set up add-on dependencies

The Splunk Add-on for vCenter logs receives the vCenter logs data via syslog/universal forwarder installed on the vCenter server and the data is ingested in the vmware-vclog index. The definition for the required index is present in the Splunk Add-on for VMware Metrics Indexes package or the Splunk Add-on for VMware Indexes package. If you are using Splunk Add-On for VMware Metrics you have to install the indexes package by following the Install and Configure Splunk Add-on for VMware Metrics Indexes steps. If you are using Splunk Add-On for VMware you have to install the indexes package by following the Install and Configure Splunk Add-on for VMware Indexes steps.

Last modified on 21 July, 2021
Installation and configuration overview for the Splunk Add-on for vCenter Logs   Install the Splunk Add-on for vCenter Logs

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters