Setting up a Splunk Server to Monitor a VMware Environment

Version 1


    Gathering and maintaining log files is an important part of a server administrator's duties. Using a centralized logging server, such as a syslog server, offers several benefits. The log files become useful for troubleshooting purposes, if needed. Also, keeping an unaltered set of logs in a different location can aid in forensic activities after an attack.


    This document explains how to set up Splunk for monitoring a VMware Environment. This includes monitoring the ESX/ESXi Server logs, the vCenter Server Logs and some of the add-on services to vCenter. It also includes generic event logging for Windows and Linux guest operating systems.


    Intended Audience

    VMware Certified Professionals, System Management / Sysadmin / Operations



    1. Requirements

    2. Preparing the Splunk Server

    3. Installing Splunk Server

    4. Setting up ESX Servers and Linux VMs for Monitoring

    5. Setting up ESXi Servers for Monitoring

    6. Setting up vCenter Servers and Windows VMs for Monitoring

    7. Adding Miscellaneous Log Files to Splunk for Monitoring






    David Convery, VMware vExpert 2009




    You use this proven practice at your discretion. VMware and the author do not guarantee any results from the use of this proven practice. This proven practice is provided on an as-is basis and is for demonstration purposes only.