
Advanced configuration for Windows

The Collector comes with a default configuration. To learn more, see Collector for Windows default configuration.

Configuration variables

Splunk-specific environment variables are listed in the table below:

| Name | Description | Default config? |
| --- | --- | --- |
| SPLUNK_ACCESS_TOKEN | The Splunk access token to authenticate requests | Yes |
| SPLUNK_API_URL | The Splunk API URL. For example, https://api.us0.signalfx.com | Yes |
| SPLUNK_BALLAST_SIZE_MIB (deprecated) | memory_ballast is deprecated. If you're using this variable, see how to update your configuration. | No |
| SPLUNK_BUNDLE_DIR | The path to the Smart Agent bundle. For example, /usr/lib/splunk-otel-collector/agent-bundle | Yes |
| SPLUNK_COLLECTD_DIR | The path to the collectd config directory for the Smart Agent. For example, /usr/lib/splunk-otel-collector/agent-bundle/run/collectd | Yes |
| SPLUNK_CONFIG | Destination path of the Collector custom configuration file | No |
| SPLUNK_CONFIG_YAML | Specifies your custom configuration YAML. This is useful in environments where access to the underlying file system is not readily available | No |
| SPLUNK_DEBUG_CONFIG_SERVER | By default, the Collector provides a sensitive value-redacting, local config server listening at http://localhost:55554/debug/configz/effective, which is helpful in troubleshooting. To disable it, set SPLUNK_DEBUG_CONFIG_SERVER to any value other than true. To set the desired port to listen to, use SPLUNK_DEBUG_CONFIG_SERVER_PORT | No |
| SPLUNK_HEC_TOKEN | The Splunk HEC authentication token | Yes |
| SPLUNK_HEC_URL | The Splunk HEC endpoint URL. For example, https://ingest.us0.signalfx.com/v1/log | Yes |
| SPLUNK_INGEST_URL | The Splunk ingest URL. For example, https://ingest.us0.signalfx.com | Yes |
| SPLUNK_LISTEN_INTERFACE | The network interface the agent receivers listen on. 0.0.0.0 by default | Yes |
| SPLUNK_MEMORY_LIMIT_MIB | Use it to set the memory limit for the memory_limiter processor. 512 MiB by default | No |
| SPLUNK_MEMORY_TOTAL_MIB | Total memory in MiB to allocate to the Collector | No |
| SPLUNK_REALM | Your Splunk realm | No |
| SPLUNK_TRACE_URL | The Splunk trace endpoint URL. For example, https://ingest.us0.signalfx.com/v2/trace | Yes |

SPLUNK_*_URL environment variables are automatically derived from SPLUNK_REALM. For example, SPLUNK_INGEST_URL = https://ingest.SPLUNK_REALM.signalfx.com.

Change the default configuration file

Before starting the splunk-otel-collector service, change the variables in the default configuration file to the appropriate values for your environment. Based on the specified installation parameters, the environment variables are saved to the HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector registry key and set on the Environment entry.

To modify any of the configuration values, run regedit and browse to the path.
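An added example (not from the Splunk documentation) of making the same change from PowerShell instead of regedit. It assumes the Environment entry is a multi-string (REG_MULTI_SZ) value holding NAME=value lines, which is how Windows stores per-service environment variables; the function names and the 1024 MiB value are hypothetical, and token values are masked on display because the key stores them in clear text.

```powershell
# Added example: hypothetical helper functions, not part of the Collector installer.
# Run from an elevated PowerShell prompt.
$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector'

function Get-CollectorEnvironment {
    # Returns the service's NAME=value entries as an ordered dictionary.
    $vars = [ordered]@{}
    $raw = (Get-ItemProperty -Path $ServiceKey -Name Environment -ErrorAction Stop).Environment
    foreach ($line in $raw) {
        $name, $value = $line -split '=', 2   # split on the first '=' only
        if ($name) { $vars[$name] = $value }
    }
    return $vars
}

function Set-CollectorEnvironmentVariable {
    # Changes or adds one variable and writes every entry back, so the others are preserved.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Value
    )
    $vars = Get-CollectorEnvironment
    $vars[$Name] = $Value
    $lines = [string[]]@($vars.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" })
    Set-ItemProperty -Path $ServiceKey -Name Environment -Value $lines -Type MultiString
}

function Show-CollectorEnvironment {
    # Prints the variables with SPLUNK_ACCESS_TOKEN / SPLUNK_HEC_TOKEN values masked.
    foreach ($entry in (Get-CollectorEnvironment).GetEnumerator()) {
        $shown = if ($entry.Key -match 'TOKEN') { '********' } else { $entry.Value }
        '{0}={1}' -f $entry.Key, $shown
    }
}

# Constructed usage: set the memory total to 1024 MiB, review, then restart the service.
Set-CollectorEnvironmentVariable -Name 'SPLUNK_MEMORY_TOTAL_MIB' -Value '1024'
Show-CollectorEnvironment
Restart-Service splunk-otel-collector
```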

Configure memory allocation

To configure memory allocation, use the memory parameter, which sets the environment variable SPLUNK_MEMORY_TOTAL_MIB.

  • By default, the Collector is configured to use 512 MiB of memory.

  • To modify this setting, replace SPLUNK_MEMORY_TOTAL_MIB with the desired integer value.

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "SPLUNK_ACCESS_TOKEN"; realm = "SPLUNK_REALM"; memory = "SPLUNK_MEMORY_TOTAL_MIB"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

Read more about Collector sizing in Sizing and scaling.

Configure proxy settings

To configure proxy settings to install and run the OpenTelemetry Collector, see Configure proxy settings for the Collector.

Custom MSI URLs

By default, the Collector MSI is downloaded from https://dl.signalfx.com and the Fluentd MSI is downloaded from https://packages.treasuredata.com.

To specify custom URLs for these downloads, use the collector_msi_url and fluentd_msi_url options. Replace COLLECTOR_MSI_URL and FLUENTD_MSI_URL with the URLs to the desired MSI packages to install:

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "<SPLUNK_ACCESS_TOKEN>"; realm = "<SPLUNK_REALM>"; collector_msi_url = "<COLLECTOR_MSI_URL>"; fluentd_msi_url = "<FLUENTD_MSI_URL>"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}
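An added example, not from the Splunk documentation: because collector_msi_url makes the installer run whatever package that URL serves, this checks a mirrored MSI before the URL is handed to the script. The function name is hypothetical, <EXPECTED_SHA256> is a placeholder for a hash you recorded from a vetted copy, and the presence of an Authenticode signature on the package is an assumption to confirm against a copy taken from https://dl.signalfx.com.

```powershell
# Added example: hypothetical function and placeholder values.
function Test-CollectorMsi {
    param(
        [Parameter(Mandatory)][string]$Url,             # value intended for collector_msi_url
        [Parameter(Mandatory)][string]$ExpectedSha256   # hash recorded from a vetted copy
    )
    $uri = [uri]$Url
    if ($uri.Scheme -ne 'https') { throw "Refusing non-HTTPS MSI URL: $Url" }

    # Download to a temporary file for inspection only; nothing is installed here.
    $msi = Join-Path $env:TEMP ([IO.Path]::GetFileName($uri.LocalPath))
    Invoke-WebRequest -Uri $uri -OutFile $msi -UseBasicParsing

    $hash = (Get-FileHash -Path $msi -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $msi

    [pscustomobject]@{
        Path        = $msi
        Sha256      = $hash
        HashMatches = ($hash -eq $ExpectedSha256)   # string -eq is case-insensitive
        SigStatus   = $sig.Status                   # 'Valid' only if signed and the chain is trusted
        Signer      = $sig.SignerCertificate.Subject
    }
}

# Replace both placeholders before running.
$result = Test-CollectorMsi -Url '<COLLECTOR_MSI_URL>' -ExpectedSha256 '<EXPECTED_SHA256>'
$result | Format-List
if (-not $result.HashMatches -or $result.SigStatus -ne 'Valid') {
    throw 'MSI failed verification; do not pass this URL to the installer.'
}
```

The installer script downloads the package again from the URL, so the check is only meaningful when the URL points to a mirror whose contents you control.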

Configure Fluentd for log collection

If you have a Log Observer entitlement or wish to collect logs for the target host with Fluentd, use the with_fluentd = 1 option to also install Fluentd when installing the Collector. For example:

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "<SPLUNK_ACCESS_TOKEN>"; realm = "<SPLUNK_REALM>"; with_fluentd = 1}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

When activated, the Fluentd service is configured by default to collect and forward log events with the @SPLUNK label to the Collector, which then sends these events to the HEC ingest endpoint determined by the realm = "<SPLUNK_REALM>" option. For example, https://ingest.<SPLUNK_REALM>.signalfx.com/v1/log.

To configure the package to send log events to a custom HTTP Event Collector (HEC) endpoint URL with a token different than <SPLUNK_ACCESS_TOKEN>, you can specify the following parameters for the installer script:

  • hec_url = "<SPLUNK_HEC_URL>"

  • hec_token = "<SPLUNK_HEC_TOKEN>"

For example (replace the <SPLUNK...> values in the command for your configuration):

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "<SPLUNK_ACCESS_TOKEN>"; realm = "<SPLUNK_REALM>"; hec_url = "<SPLUNK_HEC_URL>"; hec_token = "<SPLUNK_HEC_TOKEN>"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

The installation creates the main fluentd configuration file <drive>\opt\td-agent\etc\td-agent\td-agent.conf, where <drive> is the drive letter for the fluentd installation directory.

You can add custom fluentd source configuration files to the <drive>\opt\td-agent\etc\td-agent\conf.d directory after installation.

Note the following:

  • In this directory, fluentd includes all files with the .conf extension.

  • By default, fluentd collects from the Windows Event Log. See <drive>\opt\td-agent\etc\td-agent\conf.d\eventlog.conf for the default configuration.

After any configuration modification, apply the changes by restarting the system or running the following PowerShell commands:

Stop-Service fluentdwinsvc
Start-Service fluentdwinsvc

Command line options

To add or remove command line options for the splunk-otel-collector service, run regedit and modify the ImagePath value in the HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector registry key.

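Alternatively, run the following PowerShell command, replacing OPTIONS with the desired command line options. The executable path is wrapped in double quotes inside the value because it contains spaces; an unquoted service path with spaces is ambiguous to Windows when it starts the service:

Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector" -name "ImagePath" -value '"C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe" OPTIONS'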

For example, to change the default exposed metrics address of the Collector to 0.0.0.0:9090, run the following PowerShell command:

Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector" -name "ImagePath" -value '"C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe" --metrics-addr 0.0.0.0:9090'

Apply the changes

After modifying the configuration file or registry key, apply the changes by restarting the system or running the following PowerShell commands:

Stop-Service splunk-otel-collector
Start-Service splunk-otel-collector
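An added example, not from the Splunk documentation: after the restart, this lists the TCP ports the service process is listening on and marks those bound to all interfaces, which is what the 0.0.0.0 default of SPLUNK_LISTEN_INTERFACE and the --metrics-addr 0.0.0.0:9090 example produce. The function name is hypothetical, and only sockets owned by the service's own process are reported.

```powershell
# Added example: hypothetical function, not part of the Collector.
function Get-CollectorListener {
    # Resolve the running service to its process ID.
    $svc = Get-CimInstance Win32_Service -Filter "Name='splunk-otel-collector'"
    if (-not $svc -or $svc.ProcessId -eq 0) { throw 'splunk-otel-collector is not running.' }

    # List listening TCP sockets owned by that process.
    Get-NetTCPConnection -State Listen -OwningProcess $svc.ProcessId |
        Sort-Object LocalPort |
        ForEach-Object {
            [pscustomobject]@{
                LocalAddress  = $_.LocalAddress
                LocalPort     = $_.LocalPort
                # True when the socket accepts connections on every interface
                AllInterfaces = $_.LocalAddress -in '0.0.0.0', '::'
            }
        }
}

Get-CollectorListener | Format-Table -AutoSize

# Ports that should stay local (for example the debug config server on 55554)
# should not appear in this list.
Get-CollectorListener | Where-Object AllInterfaces | Select-Object -ExpandProperty LocalPort
```

Any port in the second list is reachable from other hosts unless the Windows firewall blocks it, so compare that list with the receivers you intend to expose.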

Available command line options

To see all available command line options, run the following PowerShell command:

& 'C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe' --help