VMware app 2.0 - ESXi host authentication through vCenter?

kamilsamaj
Engager

I'm trying to use Splunk VMware app 2.0 and I'm trying to get data from ESXi hosts. I found a complication that the VMware app requires local accounts on each ESXi host to be able to perform TaskDiscovery, EventDiscovery, LogDiscovery and PerfDiscovery. I wonder if it's possible to connect to the ESXi hosts through vCenter, something like with "resxtop --server --vihost " to get all ESXi related metrics.

The reason I'm asking is that I don't like the idea of using special local accounts on each ESXi host. The teams' responsibilities are strictly defined and Splunk admins are not admins of Active Directory domains. To change a password every few weeks/months would require an effort of multiple people to deliver a new credentials file to Splunk admins and update all ESXi hosts. Also, the security policy is quite strict about that; Active Directory is a much better choice.

bensontan
Explorer

For VMware topology, it is a bottleneck to get all perf data from vCenter.

There's no limitation that you cannot get perf data from vCenter on settings, but it is not recommended as it normally introduces lost data.

0 Karma

jonuwz
Influencer

It does get some resource pool and cluster performance data from vCenter. I've been unable to get any perf data from the ESX servers themselves despite creating the accounts.
I've got a bunch of configurable Perl scripts using the VMware SDK to gather those metrics.
The new interface is pretty cool though.

0 Karma

kamilsamaj
Engager

I also expected all data to be accessible through vCenter. But the VMware app 2.0 forces me to go directly to the ESXi host to get performance statistics, logs, events and tasks. I've deployed the app according to the official guide http://docs.splunk.com/Documentation/VMW/latest/Install/AudienceandFeatures. The guide tells you how to configure ESX monitoring; you just list which ESX hosts you want to monitor. But this suite goes directly to the ESX hosts; you can see the URL in the generated inputs files, e.g. https://10.1.1.2/sdk/webService (10.1.1.2 is an IP address of an ESX host).

0 Karma

jonuwz
Influencer

+1 I would love to know why you need to connect to the ESX servers directly.
All the logs / perf metrics are available through vCenter anyway.

0 Karma