Splunk App for VMware (beta) – Good things come to those who wait..

Yes! Its here! I am very pleased to announce that the Splunk App for VMware is now in beta. If you are on our beta email list, you should have gotten access instructions already. If you haven’t , let us know (vmware AT splunk DOT com Or ljoshi AT splunk DOT com)

For those not in the know, the Splunk App for VMware has been a popular request from nearly all of our customers and a much-searched for app. Why? Because virtualization, as much as it allows resources to be shared more efficiently, also leads to problems being shared! Splunk customers want to be able to tie user level or application level problems with the underlying server, storage, network or virtualization layers. They want a way to make those connections easily and at scale.

There is also another big reason to want virtualization layer data in Splunk. Virtualized environments are dynamic. Virtual machines move from host to host or even from one storage location to another.  When someone reports a problem, its not enough to look at the current state of your environment – you really want to go back in time to when the problem first started. You want to see where the virtual machine was, which other virtual machines were on the same host or storage location, was there a “noisy neighbor”, what the host’s performance metrics looked like, what changes  were subsequently made to the host or virtual machine over time and more.

Including virtualization layer data alongside all other data from your applications, your storage, your networks in Splunk,  allows you to really perform correlations across different layers of your technology stack. You can use virtualization data to not only diagnose and resolve performance or operational problems ,  you can also use it to generate operational analytics such as capacity utilization, trending, usage reporting and planning. When data is collected comprehensively, it also becomes relevant for audit, compliance and security monitoring and reporting.

The Splunk App for VMware simplifies the collection of virtualization layer data and getting it into Splunk. And it does this without interfering with the operation of vCenter Server (often the bottleneck) in VMware environments. The solution includes a virtual appliance that collects metrics & logs directly from your ESX/ESXi hosts, as well as topology, tasks, events and log information from VC. Since we don’t collect performance metrics from VC, we can go deeper and collect metrics from the host ESX/ESXi servers at a much lower level of granularity (20 second granularity).

Splunk not only collects ALL the data, it also stores it (unfiltered or summarized) for as long as you need it. You can run all kinds of analyses and correlate data from your virtualization layer with data from your virtualized applications, as well as from your physical infrastructure such as storage and networks. As one of our customers says it, “You never know what data you will need till you need it”.

If you’re familiar with Splunk, you can take some of our example views and reports and generate any dashboards you like for your environment. Some examples we provide are:  total disk used by snapshots, virtual machines with too many snapshots in the environment, thin provisioned datastores with too little capacity available – the list goes on and on.

I am posting a few screenshots here and will plan to do a webcast and demo shortly. Stay tuned for more good stuff, and as usual, if you have comments or questions – email me!

Track statistics as virtual machines migrate

Detailed performance metrics, for hosts and virtual machines (disk metrics in the below picture)

Capacity Reporting

Detailed Log Analysis And Reporting

Leena Joshi

Posted by