Manually configure an OpenShift integration
Collect data from OpenShift by installing and customizing the file below.
Steps
1. Download and install OpenShift
Download the following file:
After downloading, manually customize the following install script using information from Step 2:
Installation script
Customize the following installation script.
export MONITORING_MACHINE="$MONITORING_MACHINE" && \ export HEC_TOKEN="$HEC_TOKEN" && \ export HEC_PORT="$HEC_PORT" && \ export GLOBAL_HEC_INSECURE_SSL="$GLOBAL_HEC_INSECURE_SSL" && \ export OBJECTS_INSECURE_SSL="$OBJECTS_INSECURE_SSL" && \ export METRICS_INSECURE_SSL="$METRICS_INSECURE_SSL" && \ export JOURNALD_PATH="$JOURNALD_PATH" && \ export ITSI_SCK_PROJECT="$ITSI_SCK_PROJECT" && \ export KUBELET_PROTOCOL="$KUBELET_PROTOCOL" && \ export METRICS_INDEX="METRICS_INDEX" && \ export LOG_INDEX="$LOG_INDEX" && \ export META_INDEX="$META_INDEX" && \ export CLUSTER_NAME="$CLUSTER_NAME" && \ export SCK_DOWNLOAD_ONLY="$SCK_DOWNLOAD_ONLY" && \ export CORE_OBJ="$CORE_OBJ" && \ export APPS_OBJ="$APPS_OBJ" && \ wget -o- --no-check-certificate https://docs.splunk.com/images/4/47/OpenShift_resources.zip && \ unzip OpenShift_resources.zip && \ wget https://github.com/splunk/splunk-connect-for-kubernetes/releases/download/1.4.7/splunk-connect-for-kubernetes-1.4.7.tgz -O splunk-connect-for-kubernetes.tgz && \ bash deploy_sck_openshift.sh
2. Specify configuration options
The following table describes the variables to configure for the installation script:
Variable | Description |
---|---|
$MONITORING_MACHINE | Specify the FQDN or IP address of the system you want to send data to. Do not enter a hostname. |
$METRICS_INDEX | Specify the metrics index to receive metrics data. itsi_im_metrics is recommended to work with ITSI's default configuration. |
$META_INDEX | Specify the events index to receive Kubernetes metadata data. itsi_im_meta is recommended to work with ITSI's default configuration. |
$LOG_INDEX | Specify the events index to receive Kubernetes log data. |
$HEC_TOKEN | Specify the HEC token you configured to send data to the app. This should be a HEC token with access to the $METRICS_INDEX, $LOG_INDEX, and $META_INDEX. The HEC token's sourcetype must be itsi_im_metrics. Global HEC settings have to have tokens enabled in $SPLUNKWEB/en-US/manager/itsi/http-eventcollector. |
$HEC_PORT | Specify the HEC port of the system you want to send metrics data to. The recommended port is 8088. |
$CORE_OBJ | Specify a list of Kubernetes objects to collect, separated by commas. A minimum of pods,nodes is required. Other possible values are component_statuses, config_maps, namespaces, persistent_volumes, persistent_volume_claims, resource_quotas, services, service_accounts, events.
Metrics, events, and metadata will be collected for each of these objects, but only nodes and pods will be monitored by ITSI's default configuration. However, the other objects will be available in Search and Reporting under ITSI's default configuration. |
$APPS_OBJ | Specify a comma-separated list of Kubernetes objects to collect. Possible values are daemon_sets, deployments, replica_sets, stateful_sets. Metrics, events, and metadata will be collected for each of these objects, but these objects will be available in Search and Reporting under ITSI's default configuration. |
$CLUSTER_NAME | Specify a unique name for the Kubernetes cluster. |
$ITSI_SCK_PROJECT | Specify a unique name for the OpenShift project. The project contains Splunk Connect for Kubernetes objects, policies, constraints, and service accounts |
$SCK_DOWNLOAD_ONLY | If this is "true", the installation snippet will generate manifests but will not deploy them. You have to manually deploy the manifests. If this is "false", then the installation snippet will install SCK. |
$GLOBAL_HEC_INSECURE_SSL | If this is "true", the Splunk Connect for Kubernetes pods will be able to send data to the Splunk HEC endpoint with an insecure SSL connection. If this is "false", the Splunk Connect for Kubernetes pods will have to use a secure SSL connection. |
$OBJECTS_INSECURE_SSL | If this is "true", the kubernetes-objects pods will be able to talk to the Kubernetes API with an insecure SSL connection. If this is "false", the kubernetes-objects pods will have to use a secure SSL connection. |
$METRICS_INSECURE_SSL | If this is "true", the kubernetes-metrics pods to talk to the Kubelet on each node with an insecure SSL connection. If this is "false", the kubernetes-metrics pod will have to use a secure SSL connection. |
$JOURNALD_PATH | Specify the path to the journald logs on your Kubernetes node. This may vary based on OS distribution, but it's likely to be "/run/log/journal". |
$KUBELET_PROTOCOL | If this is https, Kubernetes-metrics will be collected from Kubelet port 10250 over https. If this is "http", Kubernetes-metrics will be collected from Kubelet port 10255 over http. |
Manually configure an OSX integration |
This documentation applies to the following versions of Splunk® IT Essentials Work: 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.6, 4.12.0 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3
Feedback submitted, thanks!