Splunk® IT Essentials Work

Entity Integrations Manual

This documentation does not apply to the most recent version of Splunk® IT Essentials Work. For documentation on the most recent version, go to the latest release.

Manually configure an OpenShift integration

Collect data from OpenShift by installing and customizing the file below.

Steps

1. Download and install OpenShift

Download the following file:

After downloading, manually customize the following install script using information from Step 2:

Installation script

Customize the following installation script.

export MONITORING_MACHINE="$MONITORING_MACHINE" && \
export HEC_TOKEN="$HEC_TOKEN" && \
export HEC_PORT="$HEC_PORT" && \
export GLOBAL_HEC_INSECURE_SSL="$GLOBAL_HEC_INSECURE_SSL" && \
export OBJECTS_INSECURE_SSL="$OBJECTS_INSECURE_SSL" && \
export METRICS_INSECURE_SSL="$METRICS_INSECURE_SSL" && \
export JOURNALD_PATH="$JOURNALD_PATH" && \
export ITSI_SCK_PROJECT="$ITSI_SCK_PROJECT" && \
export KUBELET_PROTOCOL="$KUBELET_PROTOCOL" && \
export METRICS_INDEX="METRICS_INDEX" && \
export LOG_INDEX="$LOG_INDEX" && \
export META_INDEX="$META_INDEX" && \
export CLUSTER_NAME="$CLUSTER_NAME" && \
export SCK_DOWNLOAD_ONLY="$SCK_DOWNLOAD_ONLY" && \
export CORE_OBJ="$CORE_OBJ" && \
export APPS_OBJ="$APPS_OBJ" && \
wget -o- --no-check-certificate https://docs.splunk.com/images/4/47/OpenShift_resources.zip && \
unzip OpenShift_resources.zip && \
wget https://github.com/splunk/splunk-connect-for-kubernetes/releases/download/1.4.7/splunk-connect-for-kubernetes-1.4.7.tgz -O splunk-connect-for-kubernetes.tgz && \
bash deploy_sck_openshift.sh

2. Specify configuration options


The following table describes the variables to configure for the installation script:

Variable Description
$MONITORING_MACHINE Specify the FQDN or IP address of the system you want to send data to. Do not enter a hostname.
$METRICS_INDEX Specify the metrics index to receive metrics data. itsi_im_metrics is recommended to work with ITSI's default configuration.
$META_INDEX Specify the events index to receive Kubernetes metadata data. itsi_im_meta is recommended to work with ITSI's default configuration.
$LOG_INDEX Specify the events index to receive Kubernetes log data.
$HEC_TOKEN Specify the HEC token you configured to send data to the app. This should be a HEC token with access to the $METRICS_INDEX, $LOG_INDEX, and $META_INDEX. The HEC token's sourcetype must be itsi_im_metrics. Global HEC settings have to have tokens enabled in $SPLUNKWEB/en-US/manager/itsi/http-eventcollector.
$HEC_PORT Specify the HEC port of the system you want to send metrics data to. The recommended port is 8088.
$CORE_OBJ Specify a list of Kubernetes objects to collect, separated by commas. A minimum of pods,nodes is required. Other possible values are component_statuses, config_maps, namespaces, persistent_volumes, persistent_volume_claims, resource_quotas, services, service_accounts, events.

Metrics, events, and metadata will be collected for each of these objects, but only nodes and pods will be monitored by ITSI's default configuration. However, the other objects will be available in Search and Reporting under ITSI's default configuration.

$APPS_OBJ Specify a comma-separated list of Kubernetes objects to collect. Possible values are daemon_sets, deployments, replica_sets, stateful_sets. Metrics, events, and metadata will be collected for each of these objects, but these objects will be available in Search and Reporting under ITSI's default configuration.
$CLUSTER_NAME Specify a unique name for the Kubernetes cluster.
$ITSI_SCK_PROJECT Specify a unique name for the OpenShift project. The project contains Splunk Connect for Kubernetes objects, policies, constraints, and service accounts
$SCK_DOWNLOAD_ONLY If this is "true", the installation snippet will generate manifests but will not deploy them. You have to manually deploy the manifests. If this is "false", then the installation snippet will install SCK.
$GLOBAL_HEC_INSECURE_SSL If this is "true", the Splunk Connect for Kubernetes pods will be able to send data to the Splunk HEC endpoint with an insecure SSL connection. If this is "false", the Splunk Connect for Kubernetes pods will have to use a secure SSL connection.
$OBJECTS_INSECURE_SSL If this is "true", the kubernetes-objects pods will be able to talk to the Kubernetes API with an insecure SSL connection. If this is "false", the kubernetes-objects pods will have to use a secure SSL connection.
$METRICS_INSECURE_SSL If this is "true", the kubernetes-metrics pods to talk to the Kubelet on each node with an insecure SSL connection. If this is "false", the kubernetes-metrics pod will have to use a secure SSL connection.
$JOURNALD_PATH Specify the path to the journald logs on your Kubernetes node. This may vary based on OS distribution, but it's likely to be "/run/log/journal".
$KUBELET_PROTOCOL If this is https, Kubernetes-metrics will be collected from Kubelet port 10250 over https. If this is "http", Kubernetes-metrics will be collected from Kubelet port 10255 over http.
Last modified on 28 April, 2023
Manually configure an OSX integration  

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.6, 4.12.0 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters