All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

VMware app 2.0- ESXi host authentication through vCenter?

kamilsamaj
Engager
‎02-13-2013 01:54 AM

I'm trying to use Splunk VMware app 2.0 and I'm trying to get data from ESXi hosts. I found a complication that the VMware app requires local accounts on each ESXi host to be able to perform TaskDiscovery, EventDiscovery, LogDiscovery and PerfDiscovery. I wonder if it's possible to connect to the ESXi hosts through vCenter, something like with "resxtop --server --vihost " to get all ESXi related metrics.

The reason, why I'm asking, is that I don't like the idea of using special local accounts on each ESXi host. The teams' responsibilities are strictly defined and Splunk admins are not admins of ActiveDirectory domains. To change a password every few weeks/months would require an effort of multiple people to deliver new credentials file to Splunk admins and update all ESXi hosts. Also the security policy is quite strict about that, Active Directory is much better choice.

Reply

bensontan
Explorer
‎02-20-2013 07:14 PM

For VMware topology, it is bottleneck to get all perf data from vcenter.

There's no limitation that you cannot get perf data from vcenter on settings, but it is not recommended as it normally introduce lost data.

0 Karma
Reply

jonuwz
Influencer
‎02-13-2013 09:09 AM

It does get some resource pool and cluster performance data from vCenter. I've been unable to get any perf data from the ESX servers themselves despite creating the accounts.
I've got a bunch of configurable perl scripts using the vmware SDK to gather those metrics.
The new interface is pretty cool though

0 Karma
Reply

kamilsamaj
Engager
‎02-13-2013 06:04 AM

I also expected all data being accessible through vCenter. But the VMware app 2.0 forces me to go directly to ESXi host to get performance statistics, logs, events and tasks. I've deployed the app according to the official guide http://docs.splunk.com/Documentation/VMW/latest/Install/AudienceandFeatures. The guide tells you how to configure ESX monitoring, you just list which ESX hosts you want to monitor. But this suite directly goes to ESX hosts, you can see the URL in the generated inputs files, e.g. https://10.1.1.2/sdk/webService (10.1.1.2 is an IP address of an ESX host).

0 Karma
Reply

jonuwz
Influencer
‎02-13-2013 05:07 AM

+1 I would love to know why you need to connect to the ESX servers directly.
All the logs / perf metrics are available through vCenter anyway.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...