Getting Data In

Why am I unable to collect Syslogs for VMWare 5.5.0 on Splunk 6.2.1?

heinerramos
New Member

Hi Everyone,

I have a problem to collect Syslogs for VMWare 5.5 on Splunk 6.2.1 that is installed in a Linux Virtual Machine (ElementaryOS version 0.2.1).

So, I executed the steps on the tutorials below:
1) http://wiki.splunk.com/Community:VMwareESXSyslog
2) http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200332...

However, I am always having the same problem.

THE LOGS ARE NOT TRANSMITTED IN ANYWAY TO SPLUNK 6.2.1.

Someone's been through a similar situation and could help me?

0 Karma

belka
Path Finder

I ran into this problem.

I installed the DCN, the connections all checked out green, and I was ready to go. I did a search and my VMwre app dashboard all came up with data. Brillant, so far.

The Data Collection Node (DCN) that comes with Splunk has a 5GB disk. The default for for the dispatcher for doing searches is 5GB. What happened to me is that the VMware app came up, populated the dashboards, and then never collected another thing. The reason, revealed by tailing the splunkd.log file on the DCN is that there was not enough space on the virtual disk drive on the DCN VM. I solved it by having the VM admin up the space available to $SPLUNK_HOME directory on the DCN. Ultimately, I rolled my own DCN because the VMWare schema couldn't (or wouldn't) grow the VM directory. Splunk was in /home/splunk vice /opt/splunk. oh well.

The other possible solution is to change the minimum disk space required for the dispatcher in Splunk when conduction searches. You could lower it to 2 GB and then start getting search data back. If you problem is similar to the one I encountered, this might help.

0 Karma
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...