
Why am I unable to collect Syslogs for VMware 5.5.0 on Splunk 6.2.1?

New Member

Hi Everyone,

I have a problem collecting Syslogs for VMware 5.5 on Splunk 6.2.1, which is installed in a Linux virtual machine (ElementaryOS version 0.2.1).

So, I executed the steps on the tutorials below:

However, I am always having the same problem.


Has anyone been through a similar situation who could help me?

0 Karma

Path Finder

I ran into this problem.

I installed the DCN, the connections all checked out green, and I was ready to go. I did a search and my VMware app dashboards all came up with data. Brilliant, so far.

The Data Collection Node (DCN) that comes with Splunk has a 5GB disk. The default for the dispatcher for doing searches is 5GB. What happened to me is that the VMware app came up, populated the dashboards, and then never collected another thing. The reason, revealed by tailing the splunkd.log file on the DCN, is that there was not enough space on the virtual disk drive on the DCN VM. I solved it by having the VM admin up the space available to the $SPLUNK_HOME directory on the DCN. Ultimately, I rolled my own DCN because the VMware schema couldn't (or wouldn't) grow the VM directory. Splunk was in /home/splunk vice /opt/splunk. Oh well.

The other possible solution is to change the minimum disk space required for the dispatcher in Splunk when conducting searches. You could lower it to 2 GB and then start getting search data back. If your problem is similar to the one I encountered, this might help.

0 Karma
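
A check for the condition described in the answer above, as an added example that is not part of the original post or Splunk's own tooling: it reads the dispatcher's minimum free space and compares it with the space actually free under the dispatch directory. It assumes the threshold is the `minFreeSpace` setting (in MB) in the `[diskUsage]` stanza of `server.conf`, which the post does not name, and the default `/opt/splunk` directory layout.

```shell
#!/bin/sh
# Added example: is there enough free disk for Splunk to dispatch searches?
# Assumptions: threshold = minFreeSpace (MB) in [diskUsage] of server.conf;
# only etc/system/local is read, not the full layered configuration.

# Print minFreeSpace from the [diskUsage] stanza of the given server.conf,
# or 5000 (the 5 GB default mentioned in the post) when it is not set.
min_free_space_mb() {
    conf=$1
    val=""
    if [ -r "$conf" ]; then
        val=$(awk '
            /^[ \t]*\[/ { in_stanza = ($0 ~ /^[ \t]*\[diskUsage\]/); next }
            in_stanza && /^[ \t]*minFreeSpace[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); v = $0
            }
            END { print v }' "$conf")
    fi
    case $val in
        ''|*[!0-9]*) echo 5000 ;;  # unset or not a plain number of MB
        *) echo "$val" ;;
    esac
}

# Free space in MB on the filesystem that holds the given path.
free_mb() {
    df -Pk "$1" | awk 'NR == 2 { print int($4 / 1024) }'
}

# Return 0 when free space meets the threshold, 1 when it is below it.
check_dispatch_space() {
    dir=$1
    need=$2
    have=$(free_mb "$dir")
    if [ "$have" -lt "$need" ]; then
        echo "LOW: $dir has $have MB free, minFreeSpace is $need MB"
        return 1
    fi
    echo "OK: $dir has $have MB free, minFreeSpace is $need MB"
}

# Run the check only on a host that actually has a dispatch directory.
SPLUNK_HOME=${SPLUNK_HOME:-/opt/splunk}
if [ -d "$SPLUNK_HOME/var/run/splunk/dispatch" ]; then
    check_dispatch_space "$SPLUNK_HOME/var/run/splunk/dispatch" \
        "$(min_free_space_mb "$SPLUNK_HOME/etc/system/local/server.conf")"
fi
```

Run it on the DCN and on the search head; a `LOW` result matches the symptom in the answer, where dashboards populate once and collection then stops.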