nnarh/splunk-otel-collector

---

Getting Started   •   Getting Involved   •   Migrating from Smart Agent

Architecture   •   Components   •   Monitoring   •   Security   •   Sizing   •   Troubleshooting

---

Splunk OpenTelemetry Connector

Splunk OpenTelemetry Connector is a distribution of the OpenTelemetry Collector. It provides a unified way to receive, process, and export metric, trace, and log data for Splunk Observability Cloud:

• Splunk APM via the sapm exporter. The otlphttp exporter can be used with a custom configuration. More information available here.
• Splunk Infrastructure Monitoring via the signalfx exporter. More information available here.
• Splunk Log Observer via the splunk_hec exporter.

While it is recommended to use Splunk Forwarders to send data to Splunk Cloud or Splunk Enterprise, Splunk OpenTelemetry Connector can be configured to send data to them via the splunk_hec exporter.

🚧 This project is currently in BETA (what does beta mean?)

Getting Started

The following resources are available:

• Architecture: How the Connector can be deployed
• Components: What the Connector supports with links to documentation
• Monitoring: How to ensure the Connector is healthy
• Security: How to ensure the Connector is secure
• Sizing: How to ensure the Connector is properly sized
• Troubleshooting: How to resolve common issues

All you need to get started is:

• Splunk Access Token
• Splunk Realm
• Agent or Gateway mode
• Confirm exposed ports to make sure your environment doesn't have conflicts and that firewalls are configured properly. Ports can be changed in the collector's configuration.

This distribution is supported on and packaged for a variety of platforms including:

• Kubernetes
  • Helm (recommended)
  • YAML
• Linux
  • Installer script (recommended)
  • Configuration management
    • Ansible
    • Puppet
  • Platform as a Service
    • Heroku
  • Manual including DEB/RPM packages, Docker, and binary
• Windows
  • Installer script (recommended)
  • Configuration management
    • Puppet
  • Manual including MSI with GUI and Powershell

You can consult additional use cases in the examples directory.

Advanced Configuration

A variety of default configuration files are provided:

• OpenTelemetry Collector see full_config_linux.yaml for a commented configuration with links to full documentation. agent_config_linux.yaml is the recommended starting configuration for most environments.
• Fluentd applicable to Helm or installer script installations only. See the *.conf files as well as the conf.d directory. Common sources including filelog, journald, and Windows event viewer are included.

In addition, the following components can be configured:

• Configuration sources
  • Environment variables
  • Etcd2
  • Include
  • Vault
  • Zookeeper
• SignalFx Smart Agent
  • Extension offering Collectd and Python extensions
  • Receiver offering the complete set of Smart Agent monitors
  • Information about migrating from the SignalFx Smart Agent can be found here

Using Upstream OpenTelemetry Collector

It is possible to use the upstream OpenTelemetry Collector instead of this distribution. The following features are not available upstream at this time:

• Packaging
  • Installer scripts for Linux and Windows
  • Configuration management via Ansible or Puppet
• Configuration sources
• Several SignalFx Smart Agent capabilities

⚠️ Splunk only provides best-effort support for upstream OpenTelemetry

In order to use the upstream OpenTelemetry Collector:

• Use the contrib distribution as commercial exporters must reside in contrib
• Properly configuration the Collector

An example configuration for upstream, that ensures infrastructure correlation is properly configured, is available here.

License

Apache Software License version 2.0.