Index=vmware EventType=AGENT_CONNECTED DesktopDisplayName="*" | timechart count(DesktopDisplayName) by DesktopDisplayName Index=vmware EventType!=Null | stats count by EventType Index=vmware EventType!=Null | timechart count by EventType Index=vmware EventType=AGENT_CONNECTED DesktopDisplayName=* earliest=$$ latest=$$ | stats count by DesktopDisplayName| sort - count |fields - Event Types Over Time Just create two new dashboards and import the attached xml dashboards. You can find more information and an example dashboard in this post.
I recommend using Splunk universal forwarder dedicated for your Syslog input.
You can configure a Syslog input and create a VMWare index on port 514.
You can have your connection servers configured to send logs to Splunk. VMWare Horizon can send data to Splunk as Syslog target.
0 kommentar(er)
