Splunk® IT Service Intelligence

Entity Integrations Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Manually configure a Kubernetes (SCK) integration

Deploy Splunk Connect for Kubernetes (SCK) with Helm to collect metrics and log data from Kubernetes clusters. For more information about SCK, see the Splunk Connect for Kubernetes 1.4.7 release documentation in the Github repository.

Steps

Follow these steps to configure and run the data collection script to start forwarding data from a Kubernetes cluster.

1. Set up Helm

Install and initialize Helm on each Kubernetes cluster you want to monitor. For information about setting up Helm, see the Quickstart Guide on the Helm website.

You must run the easy install script on the system that runs Helm.

2. Specify configuration options

Download the following file:

After downloading, manually customize the following install script using the table below:

Installation script

Customize the following installation script.

export MONITORING_MACHINE='$MONITORING_MACHINE' && \
export METRICS_INDEX='$METRICS_INDEX' && \
export META_INDEX='$META_INDEX' && \
export LOG_INDEX='$LOG_INDEX' && \
export HEC_TOKEN='$HEC_TOKEN' && \
export HEC_PORT='$HEC_PORT' && \
export CORE_OBJ='$CORE_OBJ' && \
export APPS_OBJ='$APPS_OBJ' && \
export CLUSTER_NAME='$CLUSTER_NAME' && \
export KUBERNETES_NAMESPACE='$KUBERNETES_NAMESPACE' && \
export HELM_RELEASE_NAME='$HELM_RELEASE_NAME' && \
export TILLER_NAMESPACE='$TILLER_NAMESPACE' && \
export SCK_DOWNLOAD_ONLY='$SCK_DOWNLOAD_ONLY' && \
export GLOBAL_HEC_INSECURE_SSL='$GLOBAL_HEC_INSECURE_SSL' && \
export OBJECTS_INSECURE_SSL='$OBJECTS_INSECURE_SSL' && \
export METRICS_INSECURE_SSL='$METRICS_INSECURE_SSL' && \
export JOURNALD_PATH='$JOURNALD_PATH' && \
export KUBELET_PROTOCOL='$KUBELET_PROTOCOL' && \
wget -o- --no-check-certificate https://docs.splunk.com/images/9/9c/K8s_resources.zip && \
unzip K8s_resources.zip && \
wget https://github.com/splunk/splunk-connect-for-kubernetes/releases/download/1.4.7/splunk-connect-for-kubernetes-1.4.7.tgz -O splunk-connect-for-kubernetes.tgz && \
bash deploy_sck_k8s.sh


The following table describes the variables to configure for the installation script:

Variable Description
$MONITORING_MACHINE Specify the FQDN or IP address of the system you want to send data to. Do not enter a hostname.
$METRICS_INDEX Specify the metrics index to receive metrics data. itsi_im_metrics is recommended to work with ITSI's default configuration.
$META_INDEX Specify the events index to receive Kubernetes metadata data. itsi_im_meta is recommended to work with ITSI's default configuration.
$LOG_INDEX Specify the events index to receive Kubernetes log data.
$HEC_TOKEN Specify the HEC token you configured to send data to the app. This should be a HEC token with access to the $METRICS_INDEX, $LOG_INDEX, and $META_INDEX. The HEC token's sourcetype must be itsi_im_metrics.

Global HEC settings have to have tokens enabled in $SPLUNKWEB/en-US/manager/itsi/http-eventcollector.

$HEC_PORT Specify the HEC port of the system you want to send metrics data to. The recommended port is 8088.

The following table describes variables to configure object collection:

Variable Description
$CORE_OBJ Specify a list of Kubernetes objects to collect, separated by commas A minimum of pods,nodes is required. Other possible values are component_statuses, config_maps, namespaces, persistent_volumes, persistent_volume_claims, resource_quotas, services, service_accounts, events. Metrics, events, and metadata will be collected for each of these objects, but only nodes and pods will be monitored by ITSI's default configuration. However, the other objects will be available in Search and Reporting under ITSI's default configuration.
$APPS_OBJ Specify a comma-separated list of Kubernetes objects to collect. Possible values are daemon_sets, deployments, replica_sets, stateful_sets. Metrics, events, and metadata will be collected for each of these objects, but these objects will be available in Search and Reporting under ITSI's default configuration.

The following table describes the variables to configure Splunk Connect for Kubernetes:

Variable Description
$CLUSTER_NAME Specify a unique name for the Kubernetes cluster.
$KUBERNETES_NAMESPACE Specify the namespace where you want to deploy Splunk Connect for Kubernetes. A unique namespace is recommended.
$HELM_RELEASE_NAME Specify a unique name for the Helm release. Use the release name to identify SCK in your cluster. The release name must consist of lowercase alphanumeric characters or '-'. It must start and end with an alphanumeric character.
$TILLER_NAMESPACE Specify a Tiller namespace for Helm version 2 or earlier. This will set the TILLER_NAMESPACE variable in your environment. Enter one here if you haven't set one up yet. For Helm version 3, this can be left alone.
$SCK_DOWNLOAD_ONLY If this is "true", the installation snippet will generate manifests but will not deploy them. You have to manually deploy the manifests. If this is "false", then the installation snippet will install SCK.

The following table describes the variables to connect to Splunk Connect for Kubernetes:

Variable Description
$GLOBAL_HEC_INSECURE_SSL If this is "true", the Splunk Connect for Kubernetes pods will be able to send data to the Splunk HEC endpoint with an insecure SSL connection. If this is "false", the Splunk Connect for Kubernetes pods will have to use a secure SSL connection.
$OBJECTS_INSECURE_SSL If this is "true", the kubernetes-objects pods will be able to talk to the Kubernetes API with an insecure SSL connection. If this is "false", the kubernetes-objects pods will have to use a secure SSL connection.
$METRICS_INSECURE_SSL If this is "true", the kubernetes-metrics pods to talk to the Kubelet on each node with an insecure SSL connection. If this is "false", the kubernetes-metrics pod will have to use a secure SSL connection.
$JOURNALD_PATH Specify the path to the journald logs on your Kubernetes node. This may vary based on OS distribution, but it's likely to be "/run/log/journal".
$KUBELET_PROTOCOL If this is https, Kubernetes-metrics will be collected from Kubelet port 10250 over https. If this is "http", Kubernetes-metrics will be collected from Kubelet port 10255 over http.
Last modified on 28 April, 2023
PREVIOUS
SAI and ITSI functionalities reference
  NEXT
Manually configure an OSX integration

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters