Get started with the Splunk Distribution of the OpenTelemetry Collector
Use the Splunk Distribution of the OpenTelemetry Collector to ingest, process, and export metric, trace, and log data and metadata in Splunk Observability Cloud.
Learn more about the Splunk Observability Cloud data model at Data types in Splunk Observability Cloud.
The OpenTelemetry Collector is a tech-agnostic way to receive, process and export telemetry data.
After you’ve installed the Collector in your platform, update your config file to define the different Collector components (receivers, processors, and exporters) you want to use. However, receivers and exporters are not enabled until they are in a pipeline, as explained in the next paragraph. You can also add extensions that provide the OpenTelemetry Collector with additional functionality, such as diagnostics and health checks. Find the available components at Collector components.
Next, you need to configure your service pipelines to determine how to process your data. In the pipelines section you tie together the receivers, processors and exporters, designing the path your data takes. Multiple pipelines can be defined, and a single receiver or exporter definition can be used in multiple pipelines. A single pipeline can also have multiple receivers or exporters within it. Learn more at Process your data with pipelines.
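The following added example (not part of the Splunk documentation or the Collector code base) checks a parsed Collector configuration for the rule described above: receivers and exporters take effect only when a pipeline references them, and extensions only when listed under `service.extensions`. The sample configuration is constructed for illustration, the function name `lint_config` is hypothetical, and connectors are not modelled.

```python
# Added example: lint a Collector config for components that are defined but
# never enabled, and for pipeline references to components never defined.
SECTIONS = ("receivers", "processors", "exporters")

# Constructed sample: the parsed (dict) form of a Collector YAML config.
SAMPLE_CONFIG = {
    "extensions": {"health_check": {}, "zpages": {}},
    "receivers": {"otlp": {}, "hostmetrics": {}, "prometheus/internal": {}},
    "processors": {"memory_limiter": {}, "batch": {}},
    "exporters": {"signalfx": {}, "otlphttp": {}},
    "service": {
        "extensions": ["health_check"],
        "pipelines": {
            # The otlp receiver definition is shared by both pipelines.
            "traces": {"receivers": ["otlp"],
                       "processors": ["memory_limiter", "batch"],
                       "exporters": ["otlphttp"]},
            # Two receivers in one pipeline; "logging" is never defined.
            "metrics": {"receivers": ["otlp", "hostmetrics"],
                        "processors": ["memory_limiter", "batch"],
                        "exporters": ["signalfx", "logging"]},
        },
    },
}


def lint_config(config):
    """Return (unused, undefined) as sorted lists of 'section:component_id'."""
    service = config.get("service") or {}
    pipelines = service.get("pipelines") or {}
    # Extensions are enabled under service.extensions, not in a pipeline.
    defined = {s: set(config.get(s) or {}) for s in SECTIONS + ("extensions",)}
    used = {s: set() for s in SECTIONS}
    used["extensions"] = set(service.get("extensions") or [])
    for pipeline in pipelines.values():
        for section in SECTIONS:
            used[section].update(pipeline.get(section) or [])
    unused = sorted(f"{s}:{c}" for s in defined for c in defined[s] - used[s])
    undefined = sorted(f"{s}:{c}" for s in used for c in used[s] - defined[s])
    return unused, undefined


if __name__ == "__main__":
    unused, undefined = lint_config(SAMPLE_CONFIG)
    print("defined but not enabled:", unused)
    print("referenced but not defined:", undefined)
```

Running a check like this before rollout helps confirm that every listener and export destination in the file is one you intended to enable.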
The OpenTelemetry Collector is an open-source project that has a core version and contribution (Contrib) versions. The core version provides receivers, processors, and exporters for general use. The Contrib version provides receivers, processors, and exporters for specific vendors and use cases.
The Splunk Distribution of the OpenTelemetry Collector is a distribution of the OpenTelemetry Collector. It sits on top of the Contrib version, and it bundles components from OpenTelemetry Core, OpenTelemetry Contrib, and other sources to provide data collection for multiple source platforms.
Caution
Splunk officially supports the Splunk Distribution of the OpenTelemetry Collector. Splunk only provides best-effort support for the upstream OpenTelemetry Collector. See Send telemetry using the OpenTelemetry Collector Contrib project for more information.
Splunk Observability Cloud works with any of the Collector versions because it is OTel-native, but Splunk can provide a better support response for the Splunk distribution. Any changes to the Contrib or Base OpenTelemetry Collector are required to go through the open-source vetting process, which can take some time. If you use the Splunk version, updates and hot fixes are under Splunk control. Note that all major additions to the Splunk version of the Collector do eventually make their way into the Contrib version.
Also, the customizations in the Splunk distribution include these additional features:
Better defaults for Splunk products
Discovery mode for metric sources
Automatic discovery and configuration
Fluentd for log capture, deactivated by default
Data flow for the Splunk Distribution of the OpenTelemetry Collector depends on your environment. See the sections for Kubernetes, and Linux and Windows.
For more information on how to configure data pipelines, see Process your data with pipelines.
The Splunk Distribution of the OpenTelemetry Collector for Kubernetes ingests, manages and exports data as shown in this diagram:
The Splunk Distribution of the OpenTelemetry Collector for Linux and Windows ingests, manages and exports data as shown in this diagram:
To collect logs with the Splunk Distribution of the OpenTelemetry Collector:
In Kubernetes environments, native OpenTelemetry log collection is supported by default. See more at Configure logs and events for Kubernetes.
For Linux and Windows environments (physical hosts and virtual machines), use the Universal Forwarder to send logs to the Splunk platform. See more at Use the Splunk Universal Forwarder with the Collector.
Note
If you have a Log Observer entitlement or wish to collect logs for the target host, install and enable Fluentd in your Collector instance.
If you want to send data to Splunk Enterprise using the Collector:
For Kubernetes environments, use the Collector to send metrics and logs to Splunk Enterprise. Trace collection is not supported.
For Linux and Windows environments (physical hosts and virtual machines), use the Universal Forwarder to send metrics and logs to the Splunk platform. See more at Use the Splunk Universal Forwarder with the Collector. Alternatively, you can use the Collector to forward data to the Splunk platform, but this option is not supported at the moment.
To start using the Collector, gather the following resources:
| Resource | Description |
|---|---|
| Access token | Use an access token to track and manage your resource usage. Where you see |
| Realm | A realm is a self-contained deployment that hosts organizations. To find your Splunk realm, see Note about realms. |
| Ports and endpoints | Check exposed ports to make sure your environment doesn’t have conflicts and that firewalls are configured. You can change the ports in the Collector configuration. See Exposed ports and endpoints. |
See also Collector requirements for information on:
You can deploy the Collector in two modes: host monitoring (agent) mode or data forwarding (gateway) mode:
In host monitoring (agent) mode, the Collector runs with the application or on the same host as the application.
In data forwarding (gateway) mode, one or more Collectors run as a standalone service, for example, a container or deployment.
Learn more at Collector deployment modes.
Splunk Observability Cloud offers a guided setup to install the Collector:
Log in to Splunk Observability Cloud.
In the navigation menu, select
Go to the Available integrations tab, or select Add Integration in the Deployed integrations tab.
Select one of the platforms in the Splunk OpenTelemetry Collector section.
Follow the step-by-step process provided in the platform’s guided setup.
The Splunk Distribution of the OpenTelemetry Collector is supported on and packaged for a variety of platforms, including:
You can also deploy the Collector with tools such as Amazon ECS EC2, Amazon Fargate, Ansible, Nomad, PCF, or Puppet. Learn more at Other Collector deployment tools and options: ECS/EC2, Fargate, Nomad, PCF.
See also Other configuration sources (Alpha/Beta).
Splunk Observability Cloud offers you a wide array of monitoring features, including a built-in dashboard which provides out-of-the-box information about the health and status of your deployed OTel Collector instances. Learn more at Monitor the Collector with Splunk Observability Cloud’s built-in dashboards.
The Collector also offers a zPages extension, which provides live data about the Collector. zPages are useful for in-process diagnostics without having to depend on any back end to examine traces or metrics.
After installing the Collector, read Get started: Understand and use the Collector.
See how to perform common actions and tasks with the Collector at Use the Collector: How to perform common tasks. For example, learn how to Remove sensitive data using the Splunk Distribution of OpenTelemetry Collector to strip data out of your telemetry, including PII.
Learn about automatic discovery and configuration (formerly zero configuration auto instrumentation) to detect telemetry data. Automatic discovery allows the Collector to automatically grab traces from your application, and add metrics for certain types of calls. See Discover telemetry sources automatically.
For more information see also:
Troubleshoot the Collector. Try these troubleshooting techniques and learn how to open a support request.