I am finding it difficult to tell the difference between 'splunk app for vmware', and 'splunk add-on for vmware'. Could someone explain? Do I need one or the other, or both?
We're looking to use splunk to collect logs from our vCenters and ESXi hosts.
As bbingham said, the add-ons enable data collection and mapping. The app is what you use to search, analyze, and report on that data.
See Installation overview in the Splunk App for VMware Installation Guide for information about what the deployment for this solution looks like.
Splunk labels apps and data-gathers different. In this case, the splunk app for vmware, is the app you'd place on your search head to actually view the data captured by 'splunk add-on for vmware'. In the splunkapp store, you'll find several other add-ons, they are always meant to get data into splunk and understand that data.
In your case for what you're after, you'll want both to effectively capture and monitor your esx hosts.
Do you know if the Add-On for VMWare be used on it's own to collect the data and then use Search & Reporting to analyze it? Or is that data really only available if you have the app for vmware?
It appears there is a cost to use the App for VMWare so before seeking approvals to that end I want to know if it's absolutely necessary.