Install the Collector for Windows with the installer script π
The Splunk Distribution of the OpenTelemetry Collector for Windows is a package that provides integrated collection and forwarding for all data types. Read on to see how to install it using the installer script.
Note
The Splunk Distribution of the OpenTelemetry Collector comes with a default configuration, as detailed in Collector for Windows default configuration. To modify this configuration, refer to Advanced configuration for Windows.
To learn how to obtain logs, see Collect logs for the Collector for Windows.
Alternatively, you can also install the Collector for Windows:
Using MSI. See Install the Collector for Windows using the MSI installer.
Using deployment tools. See Install the Collector for Windows using deployment tools.
Manually. See Install the Collector for Windows manually.
Prerequisites π
The Collector supports the following Windows versions, depending on the installation method:
Install method |
Supported versions (64-bit) |
---|---|
Installer script |
Windows 10 Pro and Home, Windows Server 2016, 2019, 2022 |
Windows installer (MSI) |
Windows 10 Pro and Home, Windows Server 2016, 2019, 2022 |
Ansible |
Windows 10 Pro and Home, Windows Server 2016, 2019, 2022 |
Chef |
Windows 10 Pro and Home, Windows Server 2019, 2022 |
Nomad |
Windows 10 Pro and Home, Windows Server 2016, 2019 |
Puppet |
Windows 10 Pro and Home, Windows Server 2016, 2019 |
Docker |
Windows 10 Pro and Home, Windows Server 2019, 2022 |
Note
PowerShell 3.0 or higher is required.
Included packages π
The Windows installer script installs the following packages:
Dotnet autoinstrumentation, if enabled. See Instrument .NET applications for Splunk Observability Cloud (OpenTelemetry).
Fluentd, if enabled. See Collect Windows logs with Fluentd.
JMX metric gatherer.
For Docker environments only, Java JDK and JRE.
Install the Collector for Windows using the installer script π
The installer script is available for Windows 64-bit environments, and deploys and configures:
The Splunk Distribution of the OpenTelemetry Collector for Windows
Fluentd through the
td-agent
, which is deactivated by default
To install the package using the installer script, follow these steps:
Ensure that you have Administrator access on your host.
Run the following PowerShell command on your host, replacing the following variables for your environment:
SPLUNK_REALM
: This is the realm to send data to. The default isus0
. See realms .SPLUNK_ACCESS_TOKEN
: This is the base64-encoded access token for authenticating data ingest requests. Your access token needs to have the ingest authorization scope. See Create and manage organization access tokens using Splunk Observability Cloud.
& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "SPLUNK_ACCESS_TOKEN"; realm = "SPLUNK_REALM"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}
If you need to activate TLS in PowerShell, use the command:
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
Caution
Starting from version 0.89, the installer for the Splunk Distribution of the OpenTelemetry Collector for Windows sets its configuration using environment variables at service level instead of global level. To configure additional settings use service, process, or terminal scopes.
Start the Collector executable manually π
If you experience unexpected start failures, try to start the Collector executable manually.
To do so, run the following PowerShell command as an Admin:
& 'C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe' --config 'C:\ProgramData\Splunk\OpenTelemetry Collector\agent_config.yaml'
Options of the installer script for Windows π
The Windows installer script supports the following options:
Option |
Description |
Default value |
---|---|---|
|
The token used to send metric data to Splunk. |
|
|
The Splunk realm to use. The ingest, API, trace, and HEC endpoint URLs are automatically created using this value. To find your Splunk realm, see Note about realms. |
|
|
Total memory in MIB to allocate to the Collector. Automatically calculates the ballast size. See Sizing and scaling for more information. |
|
|
Configure the Collectorservice to run in host monitoring ( |
|
|
The network interface the Collectorreceivers listen on. |
|
|
Set the base ingest URL explicitly instead of the URL inferred from the specified realm. |
|
|
Set the base API URL explicitly instead of the URL inferred from the specified realm. |
|
|
Set the trace endpoint URL explicitly instead of the endpoint inferred from the specified realm. |
|
|
Set the HEC endpoint URL explicitly instead of the endpoint inferred from the specified realm. |
|
|
Set the HEC token if itβs different than the specified Splunk access token. |
|
|
Whether to install and configure fluentd to forward log events to the collector. See Collect Windows logs with Fluentd for more information. |
|
|
Whether to install and configure .NET tracing to forward .NET application traces to the local collector. |
|
|
A system-wide environment tag used by .NET instrumentation. Sets the |
|
|
The location of your Smart Agent bundle for monitor functionality. |
|
|
If true then certificates arenβt checked when downloading resources. |
|
|
Specify a specific version of the Collector to install. |
Latest version available |
|
The package stage to install from [ |
|
|
When installing the Collector, instead of downloading the package, use this local path to a Splunk OpenTelemetry Collector MSI package. If specified, the |
|
|
Specify the URL to the Fluentd MSI package to install. |
|
|
Specify a local path to a Splunk OpenTelemetry Collector MSI package to install instead of downloading the package. If specified, the |
|
|
Specify public MSI properties to be used when installing the Splunk OpenTelemetry Collector MSI package. |
Collect logs for the Collector for Windows π
Use the Universal Forwarder to send logs to the Splunk platform. See more at Use the Splunk Universal Forwarder with the Collector.
Collect Windows logs with Fluentd π
If you have a Log Observer entitlement or wish to collect logs for the target host with Fluentd, use the with_fluentd = 1
option to install and enable Fluentd when installing the Collector. For example:
& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "<SPLUNK_ACCESS_TOKEN>"; realm = "<SPLUNK_REALM>"; with_fluentd = 1}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}
When activated, the Fluentd service is configured by default to collect and forward log events with the @SPLUNK
label to the Collector, which then send these events to the HEC ingest endpoint determined by the realm = "<SPLUNK_REALM>"
option.
For example, https://ingest.<SPLUNK_REALM>.signalfx.com/v1/log
.
To configure the package to send log events to a custom HTTP Event Collector (HEC) endpoint URL with a token different than <SPLUNK_ACCESS_TOKEN>
, you can specify the following parameters for the installer script:
hec_url = "<SPLUNK_HEC_URL>"
hec_token = "<SPLUNK_HEC_TOKEN>"
For example (replace the <SPLUNK...>
values in the command for your configuration):
& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "<SPLUNK_ACCESS_TOKEN>"; realm = "<SPLUNK_REALM>"; hec_url = "<SPLUNK_HEC_URL>"; hec_token = "<SPLUNK_HEC_TOKEN>"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}
The installation creates the main fluentd configuration file <drive>\opt\td-agent\etc\td-agent\td-agent.conf
, where <drive>
is the drive letter for the fluentd installation directory.
You can add custom fluentd source configuration files to the <drive>\opt\td-agent\etc\td-agent\conf.d
directory after installation.
Note the following:
In this directory, fluentd includes all files with the .conf extension.
By default, fluentd collects from the Windows Event Log. See
<drive>\opt\td-agent\etc\td-agent\conf.d\eventlog.conf
for the default configuration.
After any configuration modification, apply the changes by restarting the system or running the following PowerShell commands:
Stop-Service fluentdwinsvc
Start-Service fluentdwinsvc
Next steps π
After you have installed the package, see:
View logs and errors in the Windows Event Viewer. Search for βview logs and errorsβ on the Microsoft documentation site for more information.