
Tutorial: Use the Collector to send container logs to Splunk Enterprise

Follow this tutorial to use the Splunk distribution of the OpenTelemetry Collector to send Docker container logs to a Splunk Enterprise instance, using Docker Compose to manage the multicontainer environment.

Using the Collector to process the logs before sending them to Splunk Enterprise offers the following benefits over indexing them directly:

  • Log format standardization, transformation, and processing

  • Centralized configuration

  • Metadata enrichment

  • Filtering out unneeded logs

  • Load balancing

  • Routing logs to specific indexes

  • Open standards and interoperability
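The following Collector configuration is an added illustration of the benefits listed above, not configuration from this tutorial or from the Splunk project. It assumes things the tutorial does not state: that the Collector container has the host's `/var/lib/docker/containers` directory mounted read-only, that Splunk Enterprise is reachable from the Collector under the Compose service name `splunk`, that the HEC token is supplied in the `SPLUNK_HEC_TOKEN` environment variable, and that the indexes `container_logs` and `container_errors` exist. Each section maps to one item in the list: the `filelog` receiver standardizes Docker's json-file lines, enriches them with the container ID, filters out debug chatter, and chooses the target index; the `resource` processor adds centralized metadata; the `splunk_hec` exporter delivers over the open HEC protocol.

```yaml
# Added example (not the tutorial's own config). Assumed: Docker log directory
# mounted read-only into the Collector, Compose service "splunk" for Splunk
# Enterprise, HEC token in SPLUNK_HEC_TOKEN, indexes container_logs and
# container_errors already created.
receivers:
  filelog:
    include:
      - /var/lib/docker/containers/*/*-json.log
    start_at: end
    include_file_path: true        # exposes attributes["log.file.path"] for the regex below
    operators:
      # Standardize: Docker's json-file driver writes one object per line,
      # {"log":"...","stream":"stdout|stderr","time":"RFC3339Nano"}
      - type: json_parser
        timestamp:
          parse_from: attributes.time
          layout_type: gotime
          layout: "2006-01-02T15:04:05.999999999Z07:00"
      - type: move               # the raw line becomes the log body
        from: attributes.log
        to: body
      - type: remove             # timestamp already parsed; drop the duplicate string
        field: attributes.time
      # Enrich: recover the 64-hex container ID from the file path
      - type: regex_parser
        parse_from: attributes["log.file.path"]
        regex: '^/var/lib/docker/containers/(?P<container_id>[0-9a-f]{64})/'
      # Filter: drop debug lines before they leave the host
      - type: filter
        expr: 'body matches "^DEBUG"'
      # Route: default index for stdout, a separate index for stderr.
      # Setting com.splunk.index on the entry's resource keeps stdout and
      # stderr records in distinct resource groups, so each gets its own index.
      - type: add
        field: resource["com.splunk.index"]
        value: container_logs
      - type: add
        field: resource["com.splunk.index"]
        value: container_errors
        if: 'attributes.stream == "stderr"'

processors:
  # Centralized metadata: every record from this Collector is tagged once here
  resource:
    attributes:
      - key: deployment.environment
        value: lab
        action: upsert
  batch: {}

exporters:
  splunk_hec:
    token: "${env:SPLUNK_HEC_TOKEN}"   # keep the token out of committed files
    endpoint: "https://splunk:8088/services/collector"
    source: docker
    sourcetype: docker:container
    index: container_logs             # fallback only; com.splunk.index wins when present
    tls:
      insecure_skip_verify: true      # acceptable only for the lab's self-signed certificate

service:
  pipelines:
    logs:
      receivers: [filelog]
      processors: [resource, batch]
      exporters: [splunk_hec]
```

Two points a practitioner will want to check before reusing this outside a lab: remove `insecure_skip_verify` and trust the Splunk certificate properly, and confirm that the HEC token is scoped to the `container_logs` and `container_errors` indexes only, so a leaked token cannot write to other indexes.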

What's in this tutorial

After completing this tutorial, you can accomplish the following tasks:

  • Create a Docker Compose environment that manages all the services used to send container logs to a Splunk Enterprise server.

  • Configure the Collector to receive, process, and export container logs.

  • Configure Splunk Enterprise indexes for log storage.

  • Deploy and verify the complete pipeline, from container log emission to Splunk Enterprise indexing and search.

How to use this tutorial

Each part of this tutorial builds on the previous part. Follow the tutorial parts in order.

  1. Configure the logging, Collector, and Splunk Enterprise services using Docker Compose. See Part 1: Configure the log collection environment.

  2. Configure the Collector components and the Splunk Enterprise indexes. See Part 2: Configure the Collector and Splunk Enterprise instance.

  3. Deploy and verify your complete containerized environment. See Part 3: Deploy and verify the environment.

Prerequisites

  • Docker, Docker Compose, and Git installed on your system.

  • Sufficient resources available to run a multicontainer environment, including at least 4 GB of RAM.

  • The following ports available on the host and not blocked by a firewall. The values use the Docker Compose host:container form, so the first number is the port opened on your host:

    • 18000:8000 for Splunk Web

    • 18088:8088 for the Splunk HTTP Event Collector (HEC) endpoint that the OpenTelemetry Collector sends logs to; 8088 is the default HEC port

    Docker publishes ports on all host interfaces by default. If the host is reachable from other machines, publish them on the loopback address instead (for example, 127.0.0.1:18000:8000), so that Splunk Web and HEC are not exposed to the network.

Get started

To get started with the tutorial, see Part 1: Configure the log collection environment.

This page was last updated on Jul 09, 2024.