Get started with the Splunk Distribution of the OpenTelemetry Collector

Use the Splunk Distribution of the OpenTelemetry Collector to ingest, process, and export metric, trace, and log data and metadata in Splunk Observability Cloud.

Learn more about the Splunk Observability Cloud data model at Data types in Splunk Observability Cloud.

How does the OpenTelemetry Collector work?

The OpenTelemetry Collector is a tech-agnostic way to receive, process and export telemetry data.

After you’ve installed the Collector in your platform, update your config file to define the different Collector components (receivers, processors, and exporters) you want to use. However, receivers and exporters are not enabled until they are in a pipeline, as explained in the next paragraph. You can also add extensions that provide the OpenTelemetry Collector with additional functionality, such as diagnostics and health checks. Find the available components at Collector components.

Next, you need to configure your service pipelines to determine how to process your data. In the pipelines section you tie together the receivers, processors and exporters, designing the path your data takes. Multiple pipelines can be defined, and a single receiver or exporter definition can be used in multiple pipelines. A single pipeline can also have multiple receivers or exporters within it. Learn more at Process your data with pipelines.
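The following configuration is an added example, not Splunk's shipped default or part of the original page; it shows one receiver shared by two pipelines, two receivers in one pipeline, and a defined receiver that stays inactive because no pipeline references it. The environment variable names, endpoints, limits and the choice of exporters are assumptions for illustration.

```yaml
# Added example: values are illustrative assumptions, not a shipped default.
extensions:
  health_check:
  zpages:
    endpoint: 127.0.0.1:55679    # keep live diagnostics off external interfaces

receivers:
  otlp:                          # referenced by both pipelines below
    protocols:
      grpc:
        endpoint: 127.0.0.1:4317 # agent mode: accept local applications only
  hostmetrics:
    collection_interval: 10s
    scrapers:
      cpu:
      memory:
  zipkin:                        # defined, but in no pipeline, so not enabled

processors:
  memory_limiter:
    check_interval: 2s
    limit_mib: 512
  batch:

exporters:
  signalfx:
    access_token: "${SPLUNK_ACCESS_TOKEN}"  # assumed env var; keeps the token out of the file
    realm: "${SPLUNK_REALM}"                # assumed env var
  otlphttp:
    traces_endpoint: "${TRACE_INGEST_URL}"  # hypothetical env var holding your ingest URL
    headers:
      X-SF-Token: "${SPLUNK_ACCESS_TOKEN}"

service:
  extensions: [health_check, zpages]        # extensions must be listed here to run
  pipelines:
    metrics:
      receivers: [otlp, hostmetrics]        # multiple receivers in one pipeline
      processors: [memory_limiter, batch]
      exporters: [signalfx]
    traces:
      receivers: [otlp]                     # same receiver definition, second pipeline
      processors: [memory_limiter, batch]
      exporters: [otlphttp]
```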

Understand the Collector distributions

The OpenTelemetry Collector is an open-source project that has a core version and contribution (Contrib) versions. The core version provides receivers, processors, and exporters for general use. The Contrib version provides receivers, processors, and exporters for specific vendors and use cases.

The Splunk Distribution of the OpenTelemetry Collector is a distribution of the OpenTelemetry Collector. It sits on top of the Contrib version, and it bundles components from OpenTelemetry Core, OpenTelemetry Contrib, and other sources to provide data collection for multiple source platforms.

Why use the Splunk distribution of the Collector?

Caution

Splunk officially supports the Splunk Distribution of the OpenTelemetry Collector. Splunk only provides best-effort support for the upstream OpenTelemetry Collector. See Send telemetry using the OpenTelemetry Collector Contrib project for more information.

Splunk Observability Cloud works with any of the Collector versions because it is native OTel, but Splunk can provide a better support response for the Splunk distribution. Any changes to the Contrib or Base OpenTelemetry Collector must go through the open-source vetting process, which can take some time. If you use the Splunk version, updates and hot fixes are under Splunk control. Note that all major additions to the Splunk version of the Collector do eventually make their way into the Contrib version.

Also, the customizations in the Splunk distribution include these additional features:

  • Better defaults for Splunk products

  • Discovery mode for metric sources

  • Automatic discovery and configuration

  • Fluentd for log capture, deactivated by default

Data flow in the Splunk Distribution of the OpenTelemetry Collector

Data flow for the Splunk Distribution of the OpenTelemetry Collector depends on your environment. See the sections for Kubernetes, and Linux and Windows.

For more information on how to configure data pipelines, see Process your data with pipelines.

Data flow in the Splunk Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry Collector for Kubernetes ingests, manages and exports data as shown in this diagram:

flowchart LR
  accTitle: Splunk Distribution of the OpenTelemetry Collector for Kubernetes diagram.
  accDescr: The Splunk Distribution of OpenTelemetry Collector contains receivers, processors, exporters, and extensions. Receivers gather metrics and logs from infrastructure, and metrics, traces, and logs from back-end applications. Receivers send data to processors, and processors send data to exporters. Exporters send data to Splunk Observability Cloud and Splunk Cloud Platform. Front-end experiences send data directly to Splunk Observability Cloud through RUM instrumentation.
  subgraph "\nSplunk OpenTelemetry Collector for Kubernetes"
    receivers
    processors
    exporters
    extensions
  end
  Infrastructure -- "metrics, logs (native OTel)" --> receivers
  B[Back-end services] -- "traces, metrics, logs (native OTel)" --> receivers
  C[Front-end experiences] -- "traces" --> S[Splunk Observability Cloud]
  receivers --> processors
  processors --> exporters
  exporters --> S[Splunk Observability Cloud]
  exporters --> P[Splunk Cloud Platform]
  exporters -- "metrics, logs (traces not supported)" --> U[Splunk Enterprise]

Data flow in the Splunk Collector for Linux and Windows

The Splunk Distribution of the OpenTelemetry Collector for Linux and Windows ingests, manages and exports data as shown in this diagram:

flowchart LR
  accTitle: Splunk Distribution of the OpenTelemetry Collector diagram.
  accDescr: The Splunk Distribution of the OpenTelemetry Collector contains receivers, processors, exporters, and extensions. Receivers gather metrics and logs from infrastructure, and metrics, traces, and logs from back-end applications. Receivers send data to processors, and processors send data to exporters. Exporters send data to Splunk Observability Cloud and Splunk Cloud Platform. Front-end experiences send data directly to Splunk Observability Cloud through RUM instrumentation.
  subgraph "\nSplunk OpenTelemetry Collector for Linux and Windows"
    receivers
    processors
    exporters
    extensions
  end
  Infrastructure -- "metrics" --> receivers
  B[Back-end services] -- "traces, metrics" --> receivers
  C[Front-end experiences] -- "traces" --> S[Splunk Observability Cloud]
  receivers --> processors
  processors --> exporters
  exporters --> S[Splunk Observability Cloud]
  exporters --> P[Splunk Cloud Platform]

Collect logs

To collect logs with the Splunk Distribution of the OpenTelemetry Collector:

Note

If you have a Log Observer entitlement or wish to collect logs for the target host, install and enable Fluentd in your Collector instance.

Send data to Splunk Enterprise

If you want to send data to Splunk Enterprise using the Collector:

  • For Kubernetes environments, use the Collector to send metrics and logs to Splunk Enterprise. Trace collection is not supported.

  • For Linux and Windows environments (physical hosts and virtual machines), use the Universal Forwarder to send metrics and logs to the Splunk platform. See more at Use the Splunk Universal Forwarder with the Collector. Alternatively, you can use the Collector to forward data to the Splunk platform, but this option is not supported at the moment.

Resources and other requirements

To start using the Collector, gather the following resources:

| Resource | Description |
| --- | --- |
| Access token | Use an access token to track and manage your resource usage. Where you see <access_token>, replace it with the name of your access token. Your access token needs to have the ingest authorization scope. See Create and manage organization access tokens using Splunk Observability Cloud. |
| Realm | A realm is a self-contained deployment that hosts organizations. To find your Splunk realm, see Note about realms. |
| Ports and endpoints | Check exposed ports to make sure your environment doesn’t have conflicts and that firewalls are configured. You can change the ports in the Collector configuration. See Exposed ports and endpoints. |

See also Collector requirements for information on:

Install and configure the Splunk Distribution of the OpenTelemetry Collector

Deployment modes

You can deploy the Collector in one of two modes, host monitoring (agent) or data forwarding (gateway):

  • In host monitoring (agent) mode, the Collector runs with the application or on the same host as the application.

  • In data forwarding (gateway) mode, one or more Collectors run as a standalone service, for example, a container or deployment.

Learn more at Collector deployment modes.

Guided install for the Collector

Splunk Observability Cloud offers a guided setup to install the Collector:

  1. Log in to Splunk Observability Cloud.

  2. In the navigation menu, select Data Management.

  3. Go to the Available integrations tab, or select Add Integration in the Deployed integrations tab.

  4. Select one of the platforms in the Splunk OpenTelemetry Collector section.

  5. Follow the step-by-step process provided in the platform’s guided setup.

Advanced install

The Splunk Distribution of the OpenTelemetry Collector is supported on and packaged for a variety of platforms, including:

You can also deploy the Collector with tools such as Amazon ECS EC2, Amazon Fargate, Ansible, Nomad, PCF, or Puppet. Learn more at Other Collector deployment tools and options: ECS/EC2, Fargate, Nomad, PCF.

See also Other configuration sources (Alpha/Beta).

Monitor the Collector

Splunk Observability Cloud offers you a wide array of monitoring features, including a built-in dashboard which provides out-of-the-box information about the health and status of your deployed OTel Collector instances. Learn more at Monitor the Collector with Splunk Observability Cloud’s built-in dashboards.

The Collector also offers a zPages extension, which provides live data about the Collector. zPages are useful for in-process diagnostics without having to depend on any back end to examine traces or metrics.

Available features for the Collector

After installing the Collector, read Get started: Understand and use the Collector.

For more information see also:

This page was last updated on Sep 09, 2024.