Docs » Install and configure Splunk Distribution of OpenTelemetry Collector » Install the Collector » Install on Windows

Install on Windows 🔗

Splunk OpenTelemetry Collector for Windows is a package that provides integrated collection and forwarding for all data types. Install the package using one of these methods:

Installer script 🔗

The installer script is available for Windows 64-bit environments. The script deploys and configures these things:

  • Splunk OpenTelemetry Collector for Windows

  • Fluentd (using the td-agent)

The following Windows versions are supported and require PowerShell 3.0 or newer:

  • Windows Server 2012 64-bit

  • Windows Server 2016 64-bit

  • Windows Server 2019 64-bit

Do the following to install the package using the installer script:

  1. Ensure that you have Administrator access on your host.

  2. Run the following PowerShell command on your host, replacing the following variables for your environment:

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "SPLUNK_ACCESS_TOKEN"; realm = "SPLUNK_REALM"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

Configure memory allocation 🔗

To configure memory allocation, use the memory parameter. By default, this parameter is set to 512 MiB, or 500 x 2^20 bytes, of memory. Increase this setting to allocate more memory, as shown in the following example.

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "SPLUNK_ACCESS_TOKEN"; realm = "SPLUNK_REALM"; memory = "SPLUNK_MEMORY_TOTAL_MIB"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

Replace SPLUNK_MEMORY_TOTAL_MIB with the desired integer value.

Configure Fluentd 🔗

By default, the Fluentd service is installed and configured to forward log events with the @SPLUNK label and send these events to the HEC ingest endpoint determined by the --realm <SPLUNK_REALM> option. For example, https://ingest.<SPLUNK_REALM>.signalfx.com/v1/log.

To configure the package to send log events to a custom HEC endpoint URL, you can specify the following parameters for the installer script:

  • hec-url = "<URL>"

  • hec-token = "<TOKEN>"

The main Fluentd configuration file is installed to \opt\td-agent\etc\td-agent\td-agent.conf. Custom Fluentd source configuration files can be added to the \opt\td-agent\etc\td-agent\conf.d directory after installation.

Note the following:

  • In this directory, all files with the .conf extension are automatically included by Fluentd.

  • By default, Fluentd is configured to collect from the Windows Event Log. See \opt\td-agent\etc\td-agent\conf.d\eventlog.conf for the default configuration.

After any configuration modification, apply the changes by restarting the system or running the following PowerShell commands:

Stop-Service fluentdwinsvc
Start-Service fluentdwinsvc

Windows Installer 🔗

Do the following to install the package using the Windows Installer:

  1. Download the Windows MSI package (64-bit only) from GitHub releases.

  2. Double click the downloaded package and follow the instructions in the wizard.

The package is installed to \Program Files\Splunk\OpenTelemetry Collector, and the splunk-otel-collector service is created, but not started. A default configuration file is copied to \ProgramData\Splunk\OpenTelemetry Collector\agent_config.yaml, if it does not already exist. This file is required to start the splunk-otel-collector service.

Puppet 🔗

Splunk provides a Puppet module to install and configure the package. A module is a collection of resources, classes, files, definition, and templates. See Splunk OpenTelemetry Collector Puppet Module to download the module.

PowerShell terminal 🔗

Do the following to install the package from a PowerShell terminal:

  1. Download the Windows MSI package (64-bit only) from GitHub releases.

  2. Run the following command in a PowerShell terminal. Replace PATH_TO_MSI with the full path to the downloaded package. For example, C:\your\download\folder\splunk-otel-collector-0.4.0-amd64.msi:

    PS> Start-Process -Wait msiexec "/i PATH_TO_MSI /qn"
    
  3. Update all variables in the configuration file as appropriate. See the next section for the steps to do this.

  4. Start the splunk-otel-collector service by rebooting the system or running the following command in a PowerShell terminal:

    PS> Start-Service splunk-otel-collector
    

The package is installed to \Program Files\Splunk\OpenTelemetry Collector, and the splunk-otel-collector service is created, but not started. A default configuration file is copied to \ProgramData\Splunk\OpenTelemetry Collector\agent_config.yaml, if it does not already exist. This file is required to start the splunk-otel-collector service.

Docker 🔗

Run the following command to deploy the latest Docker image:

$ docker run --rm -e SPLUNK_ACCESS_TOKEN=12345 -e SPLUNK_REALM=us0  `
               -p 13133:13133 -p 14250:14250 -p 14268:14268 -p 4317:4317 -p 6060:6060  `
               -p 8888:8888 -p 9080:9080 -p 9411:9411 -p 9943:9943 `
               --name=otelcol quay.io/signalfx/splunk-otel-collector-windows:latest
          # Use a semantic versioning (semver) tag instead of the ``latest`` tag.
          # Semantic versioning is a formal convention for determining the version
          # number of new software releases.

More information regarding the docker run command options:

  • --rm automatically removes the container when it exits.

  • -e sets simple (non-array) environment variables in the container you’re running, or overwrite variables that are defined in the Dockerfile of the image you’re running.

  • -p publishes a container’s port(s) to the host.

Ansible 🔗

Splunk provides an Ansible role that installs the package configured to collect data (metrics, traces, and logs) from Windows machines and send that data to Observability Cloud.

Before installing the Ansible collection, do the following:

Ansible requires PowerShell 3.0 or newer and at least .NET 4.0 to be installed on the Windows host. A WinRM listener should be created and activated. You can find information on setting up the Windows host on the Ansible Documentation site.

Run the following command to install the Ansible collection from Ansible Galaxy:

ansible-galaxy collection install signalfx.splunk_otel_collector

To use this role, include the signalfx.splunk_otel_collector.collector role invocation in your playbook. Note that this role requires root access. The following example shows how to use the role in a playbook with minimal required configuration:

- name: Install Splunk OpenTelemetry Collector
  hosts: all
  become: yes
  # Setting the "become: yes" tag generates the following error message:
  # "The Powershell family is incompatible with the sudo become plugin".
  # Remove the "become: yes" tag.
  tasks:
    - name: "Include splunk_otel_collector"
      include_role:
        name: "signalfx.splunk_otel_collector.collector"
      vars:
        splunk_access_token: YOUR_ACCESS_TOKEN
        splunk_realm: SPLUNK_REALM

The following table describes the variables that can be configured for this role:

Variable

Description

Required

splunk_access_token

The Splunk access token to authenticate requests.

Yes

splunk_realm

The realm to send the data to. This variable is set with this value for the service. The default value is us0.

No

splunk_ingest_url

The Splunk ingest URL, for example, https://ingest.us0.signalfx.com. This variable is set with this value for the service. The default value is https://ingest.{{ splunk_realm }}.signalfx.com.

No

splunk_api_url

The Splunk API URL, for example, https://api.us0.signalfx.com. This variable is set with this value for the service. The default value is https://api.{{ splunk_realm }}.signalfx.com.

No

splunk_trace_url

The Splunk trace endpoint URL, for example, https://ingest.us0.signalfx.com/v2/trace. This variable is set with this value for the service. The default value is {{ splunk_ingest_url }}/v2/trace.

No

splunk_hec_url

The Splunk HEC endpoint URL, for example, https://ingest.us0.signalfx.com/v1/log. This variable is set with this value for the service. The default value is {{ splunk_ingest_url }}/v1/log.

No

splunk_otel_collector_version

The version of the package to install, for example, 0.25.0. The default value is latest.

No

splunk_otel_collector_config

The configuration file, created in YAML. This variable can be set to %ProgramData%\Splunk\OpenTelemetry Collector\gateway_config.yaml to install the package in Gateway mode. The default location is %ProgramData%\Splunk\OpenTelemetry Collector\agent_config.yaml.

No

splunk_config_override

The custom configuration that is merged into the default configuration.

No

splunk_config_override_list_merge

The variable used to configure the list_merge option for merging lists in splunk_config_override with lists in the default configuration. Allowed options are replace, keep, append, prepend, append_rp, or prepend_rp. The default value is replace. You can find information about this variable on the Ansible Documentation site.

No

splunk_otel_collector_config_source

This is the source path to a configuration file on your control host that is uploaded and set in place of the value set in splunk_otel_collector_config on remote hosts. This variable can be used to submit a custom configuration, for example,./custom_collector_config.yaml. The default value is "", which means that nothing is copied and the configuration file set with splunk_otel_collector_config is used.

No

splunk_bundle_dir

The path to the bundle directory. The default path is provided by the package. If the specified path is changed from the default value, the path should be an existing directory on the node. This variable is set with this value for the service. The default location is %ProgramFiles%\Splunk\OpenTelemetry Collector\agent-bundle.

No

splunk_collectd_dir

The path to the collectd configuration directory for the bundle. The default path is provided by the package. If the specified path is changed from the default value, the path should be an existing directory on the node. This variable is set with this value for the service. The default location is %ProgramFiles%\Splunk\OpenTelemetry Collector\agent-bundle\run\collectd.

No

splunk_memory_total_mib

The amount of allocated memory in MiB. The default value is 512, or 500 x 2^20 bytes, of memory .

No

splunk_ballast_size_mib

The set memory ballast size in MiB. The default value is 1/3 of the value set in splunk_memory_total_mib.

No

install_fluentd

The option to install or manage Fluentd and dependencies for log collection. The default value is true.

No

td_agent_version

The version of td-agent (Fluentd package) that is installed.

No

splunk_fluentd_config

The path to the Fluentd configuration file on the remote host. The default is %SYSTEMDRIVE%\opt\td-agent\etc\td-agent\td-agent.conf.

No

splunk_fluentd_config_source

The source path to a Fluentd configuration file on your control host that is uploaded and set in place of the value set in splunk_fluentd_config on remote hosts. Use this variable to submit a custom Fluentd configuration, for example, ./custom_fluentd_config.conf. The default value is "", which means that nothing is copied and the configuration file set with splunk_otel_collector_config is used.

No

More options 🔗

Once you have installed the package, you can perform these actions: