What’s New In The Splunk App for VMware

Since the launch of the Splunk App for VMware, we’ve received some great feedback on how to use the data collected by the App. Today, we are excited to announce the general availability of the Splunk App for VMware v2.0 and with your help we’ve introduced some fantastic reports and visualizations. Here are some highlights:

Health reports: These reports provide a real-time view of the health of your VMware environments. You can quickly identify which VMs and hosts have system resources that are in a critical state, datastores that are under- or over-utilized, alarms that have been triggered from your environments and more. You can then logically navigate from these summary pages to detailed pages. And to do that, you no longer need Sideview Utils, it’s all built-into the App and comes as a package!

Threshold based reporting: This App collects 24 performance metrics out-of-the-box. And each of these metrics comes with out-of-the-box thresholds. You can easily manage these thresholds through an interface within the App.  In the case where you’ve customized the App to collect more performance counters from ESX/I hosts, the same interface can be used to create new thresholds for these custom counters as well.

Topology maps: With the App collecting hierarchy data from vCenter Server, we created interactive topology maps that help you get a pulse on your VMware environments, based on the thresholds. This tree-like view provides a visual display on the underlying map of your VMware environment. With color coding that provides immediate visibility into the health of individual nodes within the map, easily drill down into detailed reports for further investigation. Get a sense of the health of each individual node vs the entire environment, with our lovely new node vs environment comparison visualization.

Log browsers: With the Splunk App for VMware collecting logs from ESX/i hosts and VCs, tasks and events data and hierarchy and time data, we’ve provided log browsers with topology overlays to examine your logs in greater detail. This way, you can access those unique exceptions, like say “SCSI reservation errors” or “duplicate IP “which are only available in the VC and ESX/i logs.

Data volumes: In this release, we’ve narrowed down the data collection to 48 metrics (24 metrics each for VMs and ESX/i hosts) out-of-the-box along with logs, tasks and events and inventory. But we haven’t taken away any flexibility in collecting whatever you need. We have provided clear instructions on how to collect more metrics, if you need them or less logs if you need that. This way, you don’t turn on a firehose and can pick & choose what data is important to you.

Easy upgrade: Are you already using the v1.x? If so, upgrading to this version should take you no more than 15-30 minutes – REALLY! Download the App from splunkbase and access these enhancements immediately. If it takes you longer to upgrade from v1.x, call us out on it!

We also continue to have reports for security, capacity planning, tasks and events, frequently requested searches and much much more.  I can keep going on all the capabilities, but I’d rather you spend your time getting this installed and using it rather than reading my lengthy blog post.

It’s a free App – so download it and get started.  We’ve documented installation, configuration and usage, but if you’d rather have someone guide you through these steps, we have recordings for installation, configuration and usage for you as well.

We hope that you enjoy using the latest version of the App as much as we enjoyed collaborating with you and developing it. Let us know what you think. Have more suggestions? Email us at

Priya Balakrishnan

Posted by