Overview of the Splunk OpenTelemetry Collector for Kubernetes
The Splunk OpenTelemetry Collector for Kubernetes is a Helm chart and validated architecture for the Splunk Distribution of OpenTelemetry Collector. The Splunk OpenTelemetry Collector for Kubernetes collects Kubernetes data including logs, metrics, and traces. It is a remote collector that runs within Kubernetes, but sends data to the Splunk platform.
Use the Splunk OpenTelemetry Collector for Kubernetes to send Kubernetes data to destinations including Splunk Cloud Platform, Splunk Enterprise, and Splunk Observability Cloud. You can build and manipulate Kubernetes pipelines, set source types and route to Splunk indexes, or mask and filter logs you want to monitor. The Splunk OpenTelemetry Collector for Kubernetes also offers advanced trace collection and support for multiline logs.
The Splunk OpenTelemetry Collector for Kubernetes is built on OpenTelemetry open standards and extends functionality of the Splunk Connect for Kubernetes. The following list highlights some benefits of the extended functionalities:
- Improved logging scale using OTel logging, instead of Fluentd. See https://github.com/signalfx/splunk-otel-collector-chart/blob/main/docs/advanced-configuration.md#performance-of-native-opentelemetry-logs-collection for more information.
- Advanced metrics collection.
- Advanced pipeline features, including data manipulation and routing.
- Support for trace collection.
- Support for Kubernetes annotations. Annotations provide you the ability to route namespace and pod logs to certain indexes, set source types, or include or exclude logs from being monitored. See https://github.com/signalfx/splunk-otel-collector-chart/blob/main/docs/advanced-configuration.md#managing-log-ingestion-by-using-annotations.
- Support for multiline logs through the file log receiver's recombine operator. Users can define line breaking rules in the collector to ensure multiline logs are properly rendered in the Splunk platform. See https://github.com/signalfx/splunk-otel-collector-chart/blob/main/docs/advanced-configuration.md#processing-multi-line-logs.
- Access to OpenTelemetry components. See all components supported in the Splunk Helm chart at https://github.com/signalfx/splunk-otel-collector/blob/main/docs/components.md#components.
To install and configure the Splunk OpenTelemetry Collector for Kubernetes, see https://github.com/signalfx/splunk-otel-collector-chart. For more information about the Helm chart, see Splunk OpenTelemetry Collector for Kubernetes in the Splunk Validated Architectures manual.
Splunk Connect for Kubernetes will no longer be supported as of January 1, 2024. If you already use Splunk Connect for Kubernetes, see https://github.com/signalfx/splunk-otel-collector-chart/blob/main/docs/migration-from-sck.md#migration-from-splunk-connect-for-kubernetes to migrate to the Splunk OpenTelemetry Collector for Kubernetes.
To learn more about the Splunk Distribution of OpenTelemetry Collector, see Get started with the Splunk OpenTelemetry Collector in the Splunk Observability documentation.
Forward data with the logd input | Overview of event processing |
This documentation applies to the following versions of Splunk® Enterprise: 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1
Feedback submitted, thanks!