Docs » Use Splunk Distribution of OpenTelemetry Collector

Use Splunk Distribution of OpenTelemetry Collector πŸ”—

Splunk Distribution of OpenTelemetry Collector is a distribution of the OpenTelemetry Collector. A distribution is a customized version of an OpenTelemetry component.

The collector provides a unified way to receive, process, and export metric, trace, and log data for the following Splunk Observability Cloud products:

While it is recommended to use Splunk Forwarders to send data to Splunk Cloud Platform or Splunk Enterprise, the collector can be configured to send data to both by using the splunk_hec exporter.


This project is currently in Beta. See Beta Definition for more information.

Getting started πŸ”—

Refer to the following topics for an overview of the collector:

  • Architecture, which describes how to deploy the collector.

  • Components, which describes what collector supports.

  • Monitoring, which describes how to ensure that the collector is healthy.

  • Security, which describes how to ensure that the collector is secure.

  • Sizing, which describes how to ensure that the collecor is properly sized.

  • Troubleshooting, which describes how to resolve common issues with the collector.

You need the following resources to get started using the collector:

This distribution is supported on and packaged for a variety of platforms, including:

See examples for additional use cases.

Default configuration πŸ”—

The following is a list of default configuration files. These files contain standard specifications and settings.

  • signalfx/splunk-otel-collector. full_config_linux.yaml includes comments and links to documentation. agent_config_linux.yaml is the recommended starting configuration for most environments.

  • Fluentd, which is only applicable to Helm or installer script installations. See the *.conf files and the conf.d directory. Common sources, including filelog, journald, and Windows Event Viewer are included.

Custom configuration πŸ”—

These components can be customized to change the default behavior of the collector.

  • Configuration sources: Use environment variables, etcd2, Include, Vault, and Zookeeper to retrieve data from specific configuration sources. After retrieving the data, you can then insert the data into your configuration.

  • SignalFx Smart Agent: Extensions, including collectd and Python, are used to implement components that can be added to the configuration, but do not require direct access to data. Receivers use the existing Smart Agent monitors as metric receivers to gather data.


SignalFx Smart Agent is deprecated. For details, see the Deprecation Notice. See Migrating from the SignalFx Smart Agent for resources and best practices to start using the Splunk Distribution of OpenTelemetry Collector, which is the replacement for the Smart Agent.

Using upstream OpenTelemetry Collector πŸ”—

It is possible to use the upstream OpenTelemetry Collector instead of this Splunk Distribution of OpenTelemetry Collector. The following features are not available upstream at this time:

  • Packaging, including installer scripts for Linux and Windows, and configuration management using Ansible or Puppet

  • Configuration sources

  • Several Smart Agent capabilities


Splunk only provides best-effort support for the upstream OpenTelemetry Collector.

Do the following to use the upstream OpenTelemetry Collector:

  1. Use the OpenTelemetry Collector contribution. This contribution includes receivers/exporters and components that are vendor specific.

  2. Configure the upstream OpenTelemetry Collector.

See upstream_agent_config.yaml for an example configuration for the upstream OpenTelemetry Collector. This configuration includes the recommended settings to ensure infrastructure correlation.

Troubleshooting πŸ”—

See Troubleshooting to resolve common issues using the OpenTelemetry Collector and Splunk Distribution of OpenTelemetry Collector.