Hi,
I've inherited a splunk server that was setup to receive to vmkwarning files from around 20 ESX hosts.
Recently i built another 5 hosts running ESX5 that i'd like to also get the vmkwarning files sent to the splunk server, what's the best guide to show me how to do this ?
I presume some kind of splunk forwarding agent has to reside on the ESX host ?
Thanks
Any further thoughts here guys ?
Yes, you'll need to install a splunk forwarder on the ESX host. Then you'll set up file monitoring. Take a look at one of your existing ESX server forwarders. You should find settings in
http://docs.splunk.com/Documentation/Splunk/5.0/Deploy/Deploymentoverview
http://docs.splunk.com/Documentation/Splunk/5.0/Data/Monitorfilesanddirectories
I've just checked on a couple of ESX hosts that the splunk server is collecting log information from and did a global find for both outputs.conf and inputs.conf, nothing was returned. What is the default location for the splunk forwarders on a ESX node ?