All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

VMWare App vs. vCenter Operations Manager

stepmmx
Path Finder
‎11-27-2012 05:59 AM

Does anyone have some experience with both of the tools?

What Are Pros and Cons?

Thanks in Advance

Reply

pbalakrishnan
Splunk Employee
Splunk Employee
‎05-10-2013 01:45 PM

The ESX/i servers generate performance data every 20 seconds. And VC usually stores this for 1-2 hours (configurable) after which it starts rolling them up into summaries. After 24 hours, these are further aggregated. The Splunk App for VMware collects and indexes these performance metrics at 20-second granularity and can persist them in that granular format for long periods of time.

The App also collects logs from ESX/i hosts and VCs which is unique to Splunk. Why is this important? There are certain things you can only get from logs - say things like duplicate IPs, SCSI reservation errors, vProb errors, lost connectivities and so on. Without access to logs, you're pretty much in the dark regarding these unique exceptions.

This App also provides visibility into configuration changes, migrations over time, security insights... Other tools require you to install add-on components to get this level of configuration visibility, which only costs you more licenses. This App has also focused on usability providing interactive topology maps, drill downs into granular metrics and log browsers to easily navigate your logs.

The Splunk App is incredibly customizable. While it provides powerful visualizations and ships with out-of-the-box thresholds for all the performance counters, you can easily extend and customize it's capabilities by modifying existing out-of-the-box searches/thresholds/reports or writing your own searches. And this is what makes Splunk very flexible - it's ad-hoc reporting capabilities allows you to use it across a variety of use-cases like performance troubleshooting, capacity planning, security analysis, change monitoring, asset reporting, usage analysis - just about anything you can think of.

Lastly and most importantly, Splunk is for more than just the virtual layer. Usually you need visibility into cross IT tiers to determine if you have a problem with storage or applications or OS or network… Splunk can index data across any and all of these tiers and thus easily allows you to correlate the data and make those connections to truly get that end-to-end visibility. While there are options to use connectors with vcops too, these are incredibly expensive to do.

Feel free to ping me should you have further questions / clarifications.

Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...