
Get started with the Splunk Distribution of the OpenTelemetry Collector

Use the Splunk Distribution of the OpenTelemetry Collector to receive, process, and export metric, trace, and log data and metadata for Splunk Observability Cloud.

Learn more about the Splunk Observability Cloud data model at Data types in Splunk Observability Cloud.

How does the Collector work?

The OpenTelemetry Collector is a tech-agnostic way to receive, process and export telemetry data.

After you’ve installed the Collector on your platform, update your config file to define the Collector components (receivers, processors, and exporters) you want to use. Defining a receiver or exporter does not enable it: it is enabled only once it is part of a pipeline, as explained in the next paragraph. You can also add extensions that provide the OpenTelemetry Collector with additional functionality, such as diagnostics and health checks. Find the available components at Collector components.

Next, you need to configure your service pipelines to determine how to process your data. In the pipelines section you tie together the receivers, processors and exporters, designing the path your data takes. Multiple pipelines can be defined, and a single receiver or exporter definition can be used in multiple pipelines. A single pipeline can also have multiple receivers or exporters within it. Learn more at Process your data with pipelines.
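The following configuration is an added illustration of the rules above; it is not taken from the Splunk documentation or from the distribution's default configuration. The environment variable names, the placeholder `otlphttp` URL, and the choice to bind every listener to the loopback address are assumptions.

```yaml
# Added illustration; not the distribution's default configuration.
extensions:
  health_check:
    endpoint: 127.0.0.1:13133   # loopback only (assumption: probes run locally)
  zpages:
    endpoint: 127.0.0.1:55679   # live diagnostics, kept off the network

receivers:
  otlp:                         # referenced by two pipelines below
    protocols:
      grpc:
        endpoint: 127.0.0.1:4317
  otlp/unused:                  # defined but in no pipeline: never started
    protocols:
      http:
        endpoint: 127.0.0.1:4318
  hostmetrics:
    collection_interval: 10s
    scrapers:
      cpu:
      memory:

processors:
  memory_limiter:
    check_interval: 2s
    limit_mib: 512
  batch:

exporters:
  signalfx:
    access_token: "${SPLUNK_ACCESS_TOKEN}"  # assumed env var, not a literal token
    realm: "${SPLUNK_REALM}"                # assumed env var
  otlphttp:
    endpoint: "https://otlp.example.invalid"  # placeholder URL

service:
  extensions: [health_check, zpages]        # extensions must be listed here to run
  pipelines:
    metrics:                    # several receivers and exporters in one pipeline
      receivers: [hostmetrics, otlp]
      processors: [memory_limiter, batch]
      exporters: [signalfx, otlphttp]
    traces:                     # reuses the same otlp receiver and otlphttp exporter
      receivers: [otlp]
      processors: [memory_limiter, batch]
      exporters: [otlphttp]
```

When reviewing a configuration for exposed ports, read the `service` section first: only the components named there open listeners or send data, whatever else the file defines.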

Understand the Collector distributions

The OpenTelemetry Collector is an open-source project that has a core version and a contributions (Contrib) version. The core version provides receivers, processors, and exporters for general use. The Contrib version provides receivers, processors, and exporters for specific vendors and use cases.

The Splunk Distribution of OpenTelemetry Collector is a distribution of the OpenTelemetry Collector. It sits on top of the Contrib version, and it bundles components from OpenTelemetry Core, OpenTelemetry Contrib, and other sources to provide data collection for multiple source platforms.

Diagram: Splunk Distribution of OpenTelemetry Collector. The Splunk Distribution of OpenTelemetry Collector contains receivers, processors, exporters, and extensions. Receivers gather metrics and logs from infrastructure, and metrics, traces, and logs from back-end applications. Receivers send data to processors, and processors send data to exporters. Exporters send data to Splunk Observability Cloud and Splunk Cloud Platform. Front-end experiences send data directly to Splunk Observability Cloud through RUM instrumentation.

Why use the Splunk distribution of the Collector?

Caution

Splunk officially supports the Splunk Distribution of OpenTelemetry Collector. Splunk only provides best-effort support for the upstream OpenTelemetry Collector. See Send telemetry using the OpenTelemetry Collector Contrib project for more information.

Although Splunk Observability Cloud would work with any of the Collector versions, because it is native OTel, Splunk can provide a better support response for the Splunk distribution. Any changes to the Contrib or Base OpenTelemetry Collector are required to go through the open-source vetting process, which can take some time. If you use the Splunk version, updates and hot fixes are under Splunk control. Note that all major additions to the Splunk version of the Collector do eventually make their way into the Contrib version.

Also, the customizations in the Splunk distribution include these additional features:

  • Better defaults for Splunk products

  • Discovery mode for metric sources

  • Zero configuration auto instrumentation

  • Fluentd for log capture, deactivated by default

  • Tools to support migration from SignalFx products

Resources and other requirements

The following table describes everything you need to start using the Collector:

| Resource | Description |
| --- | --- |
| Access token | Use an access token to track and manage your resource usage. Where you see <access_token>, replace it with the name of your access token. See Create and manage organization access tokens using Splunk Observability Cloud. |
| Realm | A realm is a self-contained deployment that hosts organizations. You can find your realm name on your profile page in the user interface. Where you see <REALM>, replace it with the name of your organization’s realm. See realms. |
| Ports and endpoints | Check exposed ports to make sure your environment doesn’t have conflicts and that firewalls are configured. You can change the ports in the Collector configuration. See Exposed ports and endpoints. |

See also Collector requirements for information on:

Install and configure the Collector

Note

Check Migrate from SignalFx Smart Agent to the Splunk Distribution of OpenTelemetry Collector to learn how to migrate your data from the SignalFx Smart Agent (deprecated) to the Collector.

Deployment modes

You can deploy the Collector in one of two modes, host monitoring (agent) or data forwarding (gateway):

  • In host monitoring (agent) mode, the Collector runs with the application or on the same host as the application.

  • In data forwarding (gateway) mode, one or more Collectors run as a standalone service, for example, a container or deployment.

Learn more at Collector deployment modes.

Install the Collector

Learn how to install, deploy, upgrade or uninstall the Collector in Install and deploy the Collector. Or use our guided install.

This distribution is supported on and packaged for a variety of platforms, including:

After you’ve installed the Collector, see:

Monitor the Collector

The default configuration automatically scrapes the Collector’s own metrics and sends the data using the signalfx exporter. A built-in dashboard provides information about the health and status of Collector instances. In addition, logs are automatically collected for the Collector and Journald processes.

The Collector also offers a zPages extension, which provides live data about the Collector. zPages are useful for in-process diagnostics without having to depend on any back end to examine traces or metrics.

Available features for the Collector

See the features available for the Collector:

For more information:

Use the Collector to send data to Splunk Enterprise

If you want to send data to Splunk Enterprise using the Collector, the following applies:

  • For Kubernetes, Splunk Enterprise supports receiving metrics and logs from the Collector. Trace collection is not supported.

  • For Linux and Windows environments (physical hosts and virtual machines), Splunk Enterprise is not compatible with the Collector. Instead, use the Universal Forwarder to send metrics, traces, and logs to the Splunk platform. See more at Use the Splunk Universal Forwarder with the Collector.