Fluent Forward receiver 🔗
Caution
fluentd` will be deprecated in October 2025. In Kubernetes environments use native OpenTelemetry log collection instead. In Linux and Windows platforms use the Universal Forwarder. See :ref:otel-config-logs`.
The Fluent Forward receiver allows the Splunk Distribution of the OpenTelemetry Collector to collect events using the bundled Fluentd application. The supported pipeline type is logs. See Process your data with pipelines for more information.
The receiver accepts data formatted as Fluent Forward events through a TCP connection. All three Fluent event types, message, forward, and packed forward, are supported, including compressed packed forward.
Get started 🔗
Follow these steps to configure and activate the component:
Deploy the Splunk Distribution of the OpenTelemetry Collector to your host or container platform:
Configure the receiver as described in the next document.
Restart the Collector.
Next, add the Fluent Forward receiver in the logs pipeline:
receivers:
fluentforward:
endpoint: 127.0.0.1:8006
service:
pipelines:
logs:
receivers: [fluentforward]
Settings 🔗
The following table shows the configuration options for the Fluent Forward receiver:
Troubleshooting 🔗
If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.
Available to Splunk Observability Cloud customers
Submit a case in the Splunk Support Portal .
Contact Splunk Support .
Available to prospective customers and free trial users
Ask a question and get answers through community support at Splunk Answers .
Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.