Advanced configuration for Windows
The Collector comes with a default configuration. To learn more, see Collector for Windows default configuration.
Change the default configuration file for the Collector for Windows
All installation methods offer default configurations using environment variables. Before starting the splunk-otel-collector service, replace the variables in the default configuration file with the appropriate values for your environment.
Splunk-specific environment variables are listed in the table below:
| Name | Description | Default config? |
|---|---|---|
| | The Splunk access token to authenticate requests | Yes |
| | The Splunk API URL. For example, https://api.us0.signalfx.com | Yes |
| | | No |
| | The path to the Smart Agent bundle. For example, | Yes |
| | The path to the collectd config directory for the Smart Agent. For example, | Yes |
| | Destination path of the Collector custom configuration file | No |
| | Specifies your custom configuration YAML. This is useful in environments where access to the underlying file system is not readily available | No |
| | By default, the Collector provides a sensitive value-redacting, local config server listening at http://localhost:55554/debug/configz/effective, which is helpful in troubleshooting. To disable it, set | No |
| | The Splunk HEC authentication token | Yes |
| | The Splunk HEC endpoint URL. For example, https://ingest.us0.signalfx.com/v1/log | Yes |
| | The Splunk ingest URL. For example, https://ingest.us0.signalfx.com | Yes |
| | The network interface the agent receivers listen on. | Yes |
| | Use it to set the memory limit for the | No |
| | Total memory in MiB to allocate to the Collector | No |
| | Your Splunk realm | No |
| | The Splunk trace endpoint URL. For example, https://ingest.us0.signalfx.com/v2/trace | Yes |
SPLUNK_*_URL environment variables are automatically derived from SPLUNK_REALM. For example, SPLUNK_INGEST_URL = https://ingest.SPLUNK_REALM.signalfx.com.
Note
When configuring additional settings, use service, process, or terminal scopes.
Based on the specified installation parameters, the environment variables are saved to the HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector registry key and set on the Environment entry.
To modify any of the configuration values, run regedit and browse to the path.
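A scripted alternative to editing the Environment entry in regedit, shown as an added example that is not part of the Splunk documentation. It assumes the Environment entry is a multi-string value holding one NAME=value string per line; the function names and the sample entries are constructed for illustration. Because the entry holds SPLUNK_ACCESS_TOKEN alongside the other settings, the listing function redacts token values before printing.

```powershell
# Added example, not Splunk's own code.
$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector'

# Assumption: each entry has the form NAME=value (REG_MULTI_SZ).
function ConvertTo-EnvTable {
    param([string[]]$Entries)
    $table = [ordered]@{}
    foreach ($entry in $Entries) {
        $name, $value = $entry -split '=', 2   # split on the first '=' only
        if ($name) { $table[$name] = $value }
    }
    return $table
}

# Print the settings without exposing access or HEC tokens.
function Format-EnvRedacted {
    param($Table)
    foreach ($name in $Table.Keys) {
        if ($name -match 'TOKEN') { "$name=<redacted>" } else { "$name=$($Table[$name])" }
    }
}

# Change one variable and keep every other entry as it was (run elevated).
function Set-CollectorEnvironmentVariable {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][string]$Value)
    $current = (Get-ItemProperty -Path $ServiceKey -Name Environment).Environment
    $table = ConvertTo-EnvTable $current
    $table[$Name] = $Value
    $entries = foreach ($k in $table.Keys) { "$k=$($table[$k])" }
    Set-ItemProperty -Path $ServiceKey -Name Environment -Value ([string[]]$entries) -Type MultiString
    Format-EnvRedacted $table
}

# Constructed sample entries (the token is a dummy value), parsed offline:
$sample = @('SPLUNK_ACCESS_TOKEN=dummy-token-value', 'SPLUNK_REALM=us0', 'SPLUNK_MEMORY_TOTAL_MIB=512')
Format-EnvRedacted (ConvertTo-EnvTable $sample)

# On a host with the Collector installed:
# Set-CollectorEnvironmentVariable -Name SPLUNK_MEMORY_TOTAL_MIB -Value 1024
# Stop-Service splunk-otel-collector; Start-Service splunk-otel-collector
```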
Configure memory allocation
To configure memory allocation, use the memory parameter, which sets the environment variable SPLUNK_MEMORY_TOTAL_MIB.
By default, the Collector is configured to use 512 MiB of memory.
To modify this setting, replace SPLUNK_MEMORY_TOTAL_MIB with the desired integer value.
& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "SPLUNK_ACCESS_TOKEN"; realm = "SPLUNK_REALM"; memory = "SPLUNK_MEMORY_TOTAL_MIB"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}
Read more about Collector sizing in Sizing and scaling.
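The install command above downloads the script and runs it in a single step. The variant below, an added example that is not part of the Splunk documentation, saves the script to disk, compares its SHA-256 hash with a value recorded when the script was reviewed, and only then runs it with the same parameters. The hash is a placeholder, the function name is hypothetical, and running the saved file with named parameters is assumed to be equivalent to the one-line form.

```powershell
# Added example, not Splunk's own code: stage, verify, then run the installer script.
$url      = 'https://dl.signalfx.com/splunk-otel-collector.ps1'
$path     = Join-Path $env:TEMP 'splunk-otel-collector.ps1'
$expected = '<SHA256_OF_REVIEWED_SCRIPT>'   # placeholder: record this after reviewing the script

# Returns $true only when the file on disk matches the pinned hash.
function Test-FileSha256 {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Expected)
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    return [string]::Equals($actual, $Expected, [StringComparison]::OrdinalIgnoreCase)
}

# Download to a file instead of straight into a script block.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(New-Object System.Net.WebClient).DownloadFile($url, $path)

if (-not (Test-FileSha256 -Path $path -Expected $expected)) {
    Remove-Item -Path $path -Force
    throw "Installer script hash does not match the reviewed version; nothing was run."
}

# Same parameters as the one-line command; replace the placeholders.
$params = @{
    access_token = '<SPLUNK_ACCESS_TOKEN>'
    realm        = '<SPLUNK_REALM>'
    memory       = '<SPLUNK_MEMORY_TOTAL_MIB>'
}
Set-ExecutionPolicy Bypass -Scope Process -Force
& $path @params
```

A hash mismatch after an upstream update is expected; review the new script and record its hash before installing.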
Configure proxy settings
To configure proxy settings to install and run the OpenTelemetry Collector, see Configure proxy settings for the Collector.
Configure log collection for the Collector for Windows
For Windows environments (physical hosts and virtual machines), use the Universal Forwarder to send logs to the Splunk platform. See more at Use the Splunk Universal Forwarder with the Collector.
Configure Fluentd for log collection
If you have a Log Observer entitlement or wish to collect logs for the target host with Fluentd, use the with_fluentd = 1 option to install and enable Fluentd when installing the Collector. For example:
& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "<SPLUNK_ACCESS_TOKEN>"; realm = "<SPLUNK_REALM>"; with_fluentd = 1}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}
When activated, the Fluentd service is configured by default to collect and forward log events with the @SPLUNK label to the Collector, which then sends these events to the HEC ingest endpoint determined by the realm = "<SPLUNK_REALM>" option.
For example, https://ingest.<SPLUNK_REALM>.signalfx.com/v1/log.
To configure the package to send log events to a custom HTTP Event Collector (HEC) endpoint URL with a token different than <SPLUNK_ACCESS_TOKEN>, you can specify the following parameters for the installer script:
hec_url = "<SPLUNK_HEC_URL>"
hec_token = "<SPLUNK_HEC_TOKEN>"
For example (replace the <SPLUNK...> values in the command for your configuration):
& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('https://dl.signalfx.com/splunk-otel-collector.ps1')); $params = @{access_token = "<SPLUNK_ACCESS_TOKEN>"; realm = "<SPLUNK_REALM>"; hec_url = "<SPLUNK_HEC_URL>"; hec_token = "<SPLUNK_HEC_TOKEN>"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}
The installation creates the main fluentd configuration file <drive>\opt\td-agent\etc\td-agent\td-agent.conf, where <drive> is the drive letter for the fluentd installation directory.
You can add custom fluentd source configuration files to the <drive>\opt\td-agent\etc\td-agent\conf.d directory after installation.
Note the following:
- In this directory, fluentd includes all files with the .conf extension.
- By default, fluentd collects from the Windows Event Log. See <drive>\opt\td-agent\etc\td-agent\conf.d\eventlog.conf for the default configuration.
After any configuration modification, apply the changes by restarting the system or running the following PowerShell commands:
Stop-Service fluentdwinsvc
Start-Service fluentdwinsvc
Command line options
To add or remove command line options for the splunk-otel-collector service, run regedit and modify the ImagePath value in the HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector registry key.
Alternatively, run the following PowerShell command, replacing OPTIONS with the desired command line options. The executable path contains spaces, so it is wrapped in double quotes inside the value:
Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector" -name "ImagePath" -value '"C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe" OPTIONS'
For example, to change the default exposed metrics address of the Collector to 0.0.0.0:9090, run the following PowerShell command:
Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector" -name "ImagePath" -value '"C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe" --metrics-addr 0.0.0.0:9090'
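A check to run on an ImagePath value before or after writing it, shown as an added example that is not part of the Splunk documentation. It reports two things: an executable path with spaces that is not wrapped in quotes, and a --metrics-addr that binds to every interface, as 0.0.0.0:9090 does, which makes the Collector's metrics reachable from other hosts. The function name, finding labels, and sample values are constructed for illustration.

```powershell
# Added example, not Splunk's own code: review a service ImagePath value.
function Test-CollectorImagePath {
    param([Parameter(Mandatory)][string]$ImagePath)

    $findings = @()
    $trimmed  = $ImagePath.Trim()

    # An executable path that contains spaces should be enclosed in double quotes.
    if (-not $trimmed.StartsWith('"')) {
        $exeEnd = $trimmed.IndexOf('.exe', [StringComparison]::OrdinalIgnoreCase)
        if ($exeEnd -ge 0 -and $trimmed.Substring(0, $exeEnd).Contains(' ')) {
            $findings += 'UnquotedPathWithSpaces'
        }
    }

    # Accepts "--metrics-addr HOST:PORT" and "--metrics-addr=HOST:PORT".
    if ($trimmed -match '--metrics-addr[=\s]+(\S*):(\d+)') {
        $bindHost = $Matches[1]
        if ($bindHost -in @('', '0.0.0.0', '[::]')) {
            $findings += "MetricsOnAllInterfaces(port $($Matches[2]))"
        }
    }

    [pscustomobject]@{ ImagePath = $trimmed; Findings = ($findings -join ', ') }
}

# Constructed sample values:
$samples = @(
    'C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe --metrics-addr 0.0.0.0:9090',
    '"C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe" --metrics-addr 127.0.0.1:9090'
)
$samples | ForEach-Object { Test-CollectorImagePath -ImagePath $_ } | Format-List

# On a host with the Collector installed:
# $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\splunk-otel-collector'
# Test-CollectorImagePath -ImagePath (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
```

If the metrics endpoint has to listen on all interfaces, restrict access to the port with a host firewall rule.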
Apply the changes
After modifying the configuration file or registry key, apply the changes by restarting the system or running the following PowerShell commands:
Stop-Service splunk-otel-collector
Start-Service splunk-otel-collector
Available command line options
To see all available command line options, run the following PowerShell command:
& 'C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe' --help