Splunk® App for Infrastructure

Administer Splunk App for Infrastructure

Configure Kubernetes data collection for Splunk App for Infrastructure

Use the easy install script to start collecting metrics and log data from a Kubernetes cluster. When you run the script, you start ingesting metrics and log data for pods and nodes in the cluster. Nodes and pods in the cluster you monitor are entities in the Splunk App for Infrastructure (SAI). You can search any other metrics you choose to collect in the Search app.

View detailed information about the status of pods you monitor from the Entity Overview. For information about pod statuses, see Pod phase on the Kubernetes website. The status of a Kubernetes node is set to disabled when the node enters an unknown state. On the Investigate tab, an entity's status does not include detailed pod status information; it is either Active or Inactive.

Go to the Investigate page in SAI to monitor your entities in the Tile or List view. You can group your entities to monitor them more easily, and further analyze your infrastructure by drilling down to the Overview Dashboard for entities or Analysis Workspace for entities and groups.

For information about stopping or removing the data collection agents, see Stop data collection on Splunk App for Infrastructure.

Prerequisites

Meet the following requirements to configure data collection:

| Item | Requires |
| --- | --- |
| Data collection script dependencies | See Kubernetes data collection requirements in the Install and Upgrade Splunk App for Infrastructure guide. |
| Helm | You must have permission to execute helm commands. |
| HEC token | To configure an HEC token for SAI, see 5. Create the HTTP Event Collector (HEC) token in the Install and Upgrade Splunk App for Infrastructure guide. |

Steps

Follow these steps to configure and run the data collection script to start forwarding data from a Kubernetes cluster to the Splunk App for Infrastructure (SAI).

1. Set up Helm

Install and initialize Helm on each Kubernetes cluster you want to monitor in SAI. For information about setting up Helm, see the Quickstart Guide on the Helm website.

You must run the easy install script on the system that runs Helm.

2. Specify configuration options

Specify the data collection options for collecting metrics and logs from the cluster. If you're running SAI on Splunk Cloud, you must enter specific settings for the Monitoring machine, HEC port, and Receiver port. For more information, see Install and configure the data collection agents on each applicable system in the Install and Upgrade Splunk App for Infrastructure guide.

  1. In the SAI user interface, click the Add Data tab and select Kubernetes.
  2. For Data to be collected, click Customize Objects to define which objects to track:
    | Object | Sourcetype | Description |
    | --- | --- | --- |
    | pods | kube:objects:pods | Enabled by default, cannot be disabled. Collects metadata, spec, and status data for pods in the cluster. |
    | nodes | kube:objects:nodes | Enabled by default, and cannot be disabled. Collects metadata, spec, and status data for nodes in the cluster. |

    You can enable advanced object collection for these objects:

    | Object | Sourcetype | Description |
    | --- | --- | --- |
    | component_statuses | kube:objects:component_statuses | Collects conditions and metadata data for the status of resources in the cluster. |
    | config_maps | kube:objects:config_maps | Collects data and metadata data for ConfigMaps in the cluster. |
    | daemon_sets | kube:objects:daemon_sets | Collects metadata, spec, and status data for daemonsets in the cluster. |
    | deployments | kube:objects:deployments | Collects metadata, spec, and status data for deployments in the cluster. |
    | namespaces | kube:objects:namespaces | Collects metadata, spec, and status data for namespaces in the cluster. |
    | persistent_volumes | kube:objects:persistent_volumes | Collects metadata, spec, and status data for persistent volumes in the cluster. |
    | persistent_volume_claims | kube:objects:persistent_volume_claims | Collects metadata, spec, and status data for persistent volume claims in the cluster. |
    | replica_sets | kube:objects:replica_sets | Collects metadata, spec, and status data for replica sets in the cluster. |
    | resource_quotas | kube:objects:resource_quotas | Collects metadata, spec, and status data for resource quotas in the cluster. |
    | services | kube:objects:services | Collects metadata, spec, and status data for services in the cluster. |
    | service_accounts | kube:objects:service_accounts | Collects metadata and secrets data for service accounts in the cluster. |
    | stateful_sets | kube:objects:stateful_sets | Collects metadata, spec, and status data for stateful sets in the cluster. |
    | events | kube:objects:events | Collects object and type data for events in the cluster. |

    Advanced object collection options do not have visualizations in SAI. Track these objects in the Search & Reporting app. By default, object data is stored in the em_meta index.

  3. For Monitoring machine, enter the FQDN or IP address of the system you are sending data to. This is the system running SAI.
  4. Enter the HEC token of the system you want to send data to.
  5. Enter the HEC port of the system you want to send metrics data to. Use port 8088 if it is available.
  6. Enter a unique Kubernetes namespace to specify a namespace in the Kubernetes cluster for the Splunk Connect for Kubernetes (SCK) components.
  7. Enter a unique Cluster name to specify the name of the Kubernetes cluster you're running the script in. If you do not enter anything, the script specifies a name for you.
  8. Enter a unique Release name for the SCK release when you install it in your cluster. The release tracks the installation of SCK.

3. Run the script

Execute the script on the system that runs Helm.

  1. Open a command line window on the system that runs Helm.
  2. Switch to the cluster you want to monitor in SAI:
    kubectl config use-context <context_name>
    
    where <context_name> is the context that corresponds to the cluster you're monitoring.
  3. Paste the script you configured in the Add Data tab in SAI.
  4. To verify that you successfully deployed the SCK, check the status of the release from the command line:
    helm status <release name>
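
The following shell functions are an added example, not part of the Splunk documentation or the easy install script. They check the values entered in step 2 before you paste the script and confirm the release after step 3; the function names, the sample values, and the assumption that the HEC token is in GUID form are not from the page.

```shell
#!/bin/sh
# Added example; function names and sample values are hypothetical.

# True only if $1 is a single line that matches extended regex $2.
matches() {
  [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] && printf '%s' "$1" | grep -Eq "$2"
}

# DNS-1123 label with a length cap ($2): 63 for a namespace, 53 for a Helm release.
valid_k8s_name() {
  [ "${#1}" -le "$2" ] && matches "$1" '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
}

# Assumption: the HEC token is in GUID form (8-4-4-4-12 hex digits).
valid_hec_token() {
  matches "$1" '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Digits only, in the range 1-65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Before step 3: validate the Add Data values. The token is never echoed.
preflight() {  # $1 namespace, $2 release name, $3 HEC token, $4 HEC port
  rc=0
  valid_k8s_name "$1" 63 || { echo "bad namespace: $1" >&2; rc=1; }
  valid_k8s_name "$2" 53 || { echo "bad release name: $2" >&2; rc=1; }
  valid_hec_token "$3"   || { echo "HEC token is not in GUID form" >&2; rc=1; }
  valid_port "$4"        || { echo "bad HEC port: $4" >&2; rc=1; }
  return "$rc"
}

# After step 3: confirm the active context, the release, and the SCK pods.
verify_release() {  # $1 context, $2 release name, $3 namespace
  [ "$(kubectl config current-context)" = "$1" ] ||
    { echo "kubectl is not pointed at context $1" >&2; return 1; }
  helm status "$2" >/dev/null || return 1
  kubectl get pods --namespace "$3"
}

# Constructed sample values, not a real token.
preflight splunk-sck sai-sck 00000000-0000-0000-0000-000000000000 8088 &&
  echo "preflight ok"
```

`verify_release` needs access to the cluster and is not called here; run it on the system that runs Helm, for example `verify_release <context_name> <release name> <namespace>`.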

This documentation applies to the following versions of Splunk® App for Infrastructure: 1.4.0, 1.4.1

