TIPS & TRICKS

Splunk App for VMware(beta) now supports vSphere 5

If you’re participating in our beta program for the Splunk App for VMware, and are upgrading to vSphere 5 shortly, we have good news for you. We’ve released an updated beta with support for vSphere 5!

You may be wondering—what have we heard from our beta customers so far?

The first thing we hear is, “Wow, this is a lot of data!”—and it is. One of the reasons for this, is that we pull metrics data directly from the ESX hosts and with a much deeper level of granularity than is available with vCenter.

“What’s the use of this deeper level of granularity? ”, you might ask

Well—have you had that experience as a user of VMware virtual machines, where you call your VMware guy and you tell him, “my VM tells me memory is low…what is going on with it?” and he tells you “ I don’t see anything wrong…looks fine to me, memory utilization looks normal. And no, don’t ask for more memory”. Its maddening, isn’t it?

Let’s say you got this memory error two or three times earlier in the week. By the time you call and ask him about this problem, he no longer has detailed metrics data for those days. His administrative tool, vCenter, has already summarized this data! All he can see are thirty minute or daily averages, depending on when the problem happened.

He also needs to look at the host on which the virtual machine was running when it was experienced problems. How much memory is being “swapped” out? How much “memory ballooning “ activity is taking place? These can indicate that the underlying host is considerably strained to provide virtual machines with the memory that they need.

It’s pretty complicated to figure out where a virtual machine was running in the past. Even if the admin does figure it out, when he looks back in time to when the problem started happening, he will only see a high level summary, or “rollup”. The fine-level detail is gone, which could make it impossible to track down a root cause!

So—what does your sys admin need?

  1. A way to collect data at the lowest level of granularity. (Twenty seconds is the best available directly from the ESX host.)
  2. A way to store this data that allows him to go back in time and do a real analysis of what the environment looked like at any point in time.

The first problem is solved with the Splunk virtual forwarder appliance, which we created to collect granular performance data directly from ESX/ESXi hosts. The second problem can only be solved with Splunk! Storing, analyzing, and trending data from hypervisors, operating systems, applications, storage, networks, and all the rest, and making connections across all of your technologies is a Big Data problem, when you really think about it. Splunk lets you trace back the path of your virtual machine and inspect host behavior, OS behavior, storage behavior and more at any point in time.

So, go talk to your VMware admin. Find out how he plans to solve the data problem he has on his hands! Tell him you might have a secret weapon up your sleeve. And of course, write to us at vmware AT splunk.com to see if we can help you:)

Stay tuned for more posts about our beta progress to date…

----------------------------------------------------
Thanks!
Leena Joshi

Splunk
Posted by

Splunk

Join the Discussion