Docs » Get started with the Splunk Distribution of the OpenTelemetry Collector » Get started with the Collector for Windows » Advanced configuration for Windows

Advanced configuration for Windows πŸ”—

The Collector comes with a default configuration. To learn more, see Collector for Windows default configuration.

Change the default configuration file for the Collector for Windows πŸ”—

All installation methods offer default configurations using environment variables. Before starting the splunk-otel-collector service, replace the variables in the default configuration file with the appropriate values for your environment.

Splunk-specific environment variables are listed on the table below:



Default config?


The Splunk access token to authenticate requests



The Splunk API URL. For example,



memory_ballast is deprecated. If you’re using this variable, see how to update your configuration.



The path to the Smart Agent bundle. For example, /usr/lib/splunk-otel-collector/agent-bundle



The path to the collectd config directory for the Smart Agent. For example, /usr/lib/splunk-otel-collector/agent-bundle/run/collectd



Destination path of the Collector custom configuration file



Specifies your custom configuration YAML. This is useful in environments where access to the underlying file system is not readily available



By default, the Collector provides a sensitive value-redacting, local config server listening at http://localhost:55554/debug/configz/effective, which is helpful in troubleshooting. To disable it, set SPLUNK_DEBUG_CONFIG_SERVER to any value other than true. To set the desired port to listen to, use SPLUNK_DEBUG_CONFIG_SERVER_PORT



The Splunk HEC authentication token



The Splunk HEC endpoint URL. For example,



The Splunk ingest URL. For example,



The network interface the agent receivers listen on. by default



Use it to set the memory limit for the memory_limiter processor. 512 MiB by default



Total memory in MiB to allocate to the Collector



Your Splunk realm



The Splunk trace endpoint URL. For example,


SPLUNK_*_URL environment variables are automatically derived from SPLUNK_REALM. For example, SPLUNK_INGEST_URL =


When configuring additional settings, use service, process, or terminal scopes.

Based on the specified installation parameters, the environment variables are saved to the HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector registry key and set on the Environment entry.

To modify any of the configuration values, run regedit and browse to the path.

Configure memory allocation πŸ”—

To configure memory allocation, use the memory parameter, which sets the environment variable SPLUNK_MEMORY_TOTAL_MIB.

  • By default, the Collector is configured to use 512 MiB of memory.

  • To modify this setting, replace SPLUNK_MEMORY_TOTAL_MIB with the desired integer value.

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('')); $params = @{access_token = "SPLUNK_ACCESS_TOKEN"; realm = "SPLUNK_REALM"; memory = "SPLUNK_MEMORY_TOTAL_MIB"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

Read more about Collector sizing in Sizing and scaling.

Configure proxy settings πŸ”—

To configure proxy settings to install and run the OpenTelemetry Collector, see Configure proxy settings for the Collector.

Configure log collection for the Collector for Windows πŸ”—

For Windows environments (physical hosts and virtual machines), use the Universal Forwarder to send logs to the Splunk platform. See more at Use the Splunk Universal Forwarder with the Collector.

Configure Fluentd for log collection πŸ”—

If you have a Log Observer entitlement or wish to collect logs for the target host with Fluentd, use the with_fluentd = 1 option to install and enable Fluentd when installing the Collector. For example:

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('')); $params = @{access_token = "<SPLUNK_ACCESS_TOKEN>"; realm = "<SPLUNK_REALM>"; with_fluentd = 1}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

When activated, the Fluentd service is configured by default to collect and forward log events with the @SPLUNK label to the Collector, which then send these events to the HEC ingest endpoint determined by the realm = "<SPLUNK_REALM>" option. For example, https://ingest.<SPLUNK_REALM>

To configure the package to send log events to a custom HTTP Event Collector (HEC) endpoint URL with a token different than <SPLUNK_ACCESS_TOKEN>, you can specify the following parameters for the installer script:

  • hec_url = "<SPLUNK_HEC_URL>"

  • hec_token = "<SPLUNK_HEC_TOKEN>"

For example (replace the <SPLUNK...> values in the command for your configuration):

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('')); $params = @{access_token = "<SPLUNK_ACCESS_TOKEN>"; realm = "<SPLUNK_REALM>"; hec_url = "<SPLUNK_HEC_URL>"; hec_token = "<SPLUNK_HEC_TOKEN>"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

The installation creates the main fluentd configuration file <drive>\opt\td-agent\etc\td-agent\td-agent.conf, where <drive> is the drive letter for the fluentd installation directory.

You can add custom fluentd source configuration files to the <drive>\opt\td-agent\etc\td-agent\conf.d directory after installation.

Note the following:

  • In this directory, fluentd includes all files with the .conf extension.

  • By default, fluentd collects from the Windows Event Log. See <drive>\opt\td-agent\etc\td-agent\conf.d\eventlog.conf for the default configuration.

After any configuration modification, apply the changes by restarting the system or running the following PowerShell commands:

Stop-Service fluentdwinsvc
Start-Service fluentdwinsvc

Command line options πŸ”—

To add or remove command line options for the splunk-otel-collector service, run regedit and modify the ImagePath value in the HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector registry key.

Alternatively, run the following PowerShell command, replacing OPTIONS with the desired command line options:

Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector" -name "ImagePath" -value "C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe OPTIONS"

For example, to change the default exposed metrics address of the Collector to, run the following PowerShell command:

Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector" -name "ImagePath" -value "C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe --metrics-addr"

Apply the changes πŸ”—

After modifying the configuration file or registry key, apply the changes by restarting the system or running the following PowerShell commands:

Stop-Service splunk-otel-collector
Start-Service splunk-otel-collector

Available command line options πŸ”—

To see all available command line options, run the following PowerShell command:

& 'C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe' --help

This page was last updated on Jul 04, 2024.