Splunk Enterprise receiver ๐
The Splunk Enterprise receiver is a pull based tool which enables you to ingest performance metrics describing the operational status of your Splunk Enterprise deployment to an appropriate observability tool. The receiver uses several different data sources, including the introspection API endpoint, to gather these metrics and serializes results from ad-hoc searches. For more information, see the REST API Reference Manual in Splunk docs.
The supported pipeline type is metrics
. See Process your data with pipelines for more information.
Caution
This receiver targets those responsible for the maintenance and care of a Splunk Enterprise deployment, and aims to leverage OpenTelemetry and observability toolsets. Be careful when enabling the receiver, since running searches can effect your Splunk Enterprise Deployment and introspection might fail to report for Splunk Cloud deployments.
Get started ๐
Follow these steps to configure and activate the component:
Deploy the Splunk Distribution of the OpenTelemetry Collector to your host or container platform:
Configure the Splunk Enterprise receiver as described in the next section.
Restart the Collector.
Sample configuration ๐
To activate the Splunk Enterprise receiver, add splunkenterprise
to the receivers
section of your configuration file:
receivers:
splunkenterprise:
To complete the configuration, include the receiver in the metrics
pipeline of the service
section of your configuration file:
service:
pipelines:
metrics:
receivers: [splunkenterprise]
Configuration options ๐
The following settings are required:
basicauth
. A configured stanza for thebasicauthextension
. Learn more at Basicauth extension.auth
. No default. String name referencing your auth extension.endpoint
. No default. Your Splunk Enterprise hostโs endpoint.
The following settings are optional:
collection_interval
.10m
by default. The time between scrape attempts.timeout
.60s
by default. The time the scrape function will wait for a response before returning an empty value.
The following applies to the Splunk Enterprise receiver configuration:
Omitting any of the mandatory settings might cause your receiver to fail to compile or result in 4/5xx return codes during scraping.
Set these parameters for each Splunk instance type (indexer, search head, or cluster master) from which you wish to pull metrics from.
Currently only one instance type is accepted per configured receiver instance. Therefore, if you have three different โindexerโ type instances to pull metrics you need to configure three different
splunkenterprise
receivers, one for each indexer node.
Configuration example ๐
See the following configuration example for the Splunk Enterprise receiver:
extensions:
basicauth/indexer:
client_auth:
username: admin
password: securityFirst
basicauth/cluster_master:
client_auth:
username: admin
password: securityFirst
receivers:
splunkenterprise:
indexer:
auth:
authenticator: basicauth/indexer
endpoint: "https://localhost:8089"
timeout: 45s
cluster_master:
auth:
authenticator: basicauth/cluster_master
endpoint: "https://localhost:8089"
timeout: 45s
exporters:
logging:
loglevel: info
service:
extensions: [basicauth/indexer, basicauth/cluster_master]
pipelines:
metrics:
receivers: [splunkenterprise]
exporters: [logging]
Metrics ๐
The following metrics, resource attributes, and attributes are available.
Note
The SignalFx exporter excludes some available metrics by default. Learn more about default metric filters in List of metrics excluded by default.
Activate or deactivate specific metrics ๐
You can activate or deactivate specific metrics by setting the enabled
field in the metrics
section for each metric. For example:
receivers:
samplereceiver:
metrics:
metric-one:
enabled: true
metric-two:
enabled: false
The following is an example of host metrics receiver configuration with activated metrics:
receivers:
hostmetrics:
scrapers:
process:
metrics:
process.cpu.utilization:
enabled: true
Note
Deactivated metrics arenโt sent to Splunk Observability Cloud.
Billing ๐
If youโre in a MTS-based subscription, all metrics count towards metrics usage.
If youโre in a host-based plan, metrics listed as active (Active: Yes) on this document are considered default and are included free of charge.
Learn more at Infrastructure Monitoring subscription usage (Host and metric plans).
Troubleshooting ๐
If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.
Available to Splunk Observability Cloud customers
Submit a case in the Splunk Support Portal .
Contact Splunk Support .
Available to prospective customers and free trial users
Ask a question and get answers through community support at Splunk Answers .
Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.