Getting Data In

Splunk VMWare Addon - No Hydra Workers

ifeldshteyn
Communicator

I've installed a VM Ware OVA DCN. I successfully hooked it up to Vcenter and got a list of 30+ hosts. However, anytime I try to get any data I keep getting errors "Attempted to assign jobs but we have no active workers to assign to. Restarting Scheduler..."

Looked at the raw hydra coda it seems like I am getting an empty node manifest and zero nodes are available. I am def missing something here.

I assume the procedure is

  1. install VM Ware add on OVA. (Complete)
  2. Hook it up VCenter (Complete)
  3. Forward data to Splunk (Complete - I tested adding log files on the OVA install, they successfully fwd data to Splunk).

But for some reason Hydra refuses to find any workers.

As an aside, is there perhaps an easier way to forward ESXI node data to Splunk? Something more trivial than these OVA add-ons ?

Thanks!

0 Karma

myriadic
Path Finder

in the vmware addon you have a scheduler, which you hook up to vmware (which you did), then DCNs, or data collection nodes, which do the actual pulling of data. this can be the same box that's a scheduler (just point to localhost) or another splunk HF. have you assigned any boxes to be a DCN, yet?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...