Get started with the Splunk Distribution of the OpenTelemetry Collector

Use the Splunk Distribution of the OpenTelemetry Collector to receive, process, and export metric, trace, and log data and metadata for Splunk Observability Cloud.

Learn more about the Splunk Observability Cloud data model at Data types in Splunk Observability Cloud.

How does the Collector work?

The OpenTelemetry Collector is a tech-agnostic way to receive, process and export telemetry data.

After you’ve installed the Collector in your platform, update your config file to define the different Collector components (receivers, processors, and exporters) you want to use. However, receivers and exporters are not enabled until they are in a pipeline, as explained in the next paragraph. You can also add extensions that provide the OpenTelemetry Collector with additional functionality, such as diagnostics and health checks. Find the available components at Collector components.

Next, you need to configure your service pipelines to determine how to process your data. In the pipelines section you tie together the receivers, processors and exporters, designing the path your data takes. Multiple pipelines can be defined, and a single receiver or exporter definition can be used in multiple pipelines. A single pipeline can also have multiple receivers or exporters within it. Learn more at Process your data with pipelines.
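
The following configuration is an added example, not Splunk's shipped default, showing how component definitions and pipelines relate: the otlp receiver is shared by two pipelines, while otlp/gateway is defined but never placed in a pipeline, so it is not started and opens no port. The component selection, the SPLUNK_ACCESS_TOKEN and SPLUNK_REALM environment variable names, the listen addresses, and the trace ingest URL are assumptions to check against your own deployment.

```yaml
# Constructed example configuration (assumptions noted inline).
extensions:
  health_check:
    endpoint: "127.0.0.1:13133"
  zpages:
    endpoint: "127.0.0.1:55679"    # live diagnostics; kept off external interfaces

receivers:
  otlp:                            # used by both pipelines below
    protocols:
      grpc:
        endpoint: "127.0.0.1:4317" # agent mode: local applications only
  otlp/gateway:                    # defined, but in no pipeline: never started
    protocols:
      http:
        endpoint: "0.0.0.0:4318"
  hostmetrics:
    collection_interval: 10s
    scrapers:
      cpu:
      memory:

processors:
  memory_limiter:
    check_interval: 2s
    limit_mib: 512
  batch:

exporters:
  signalfx:
    # Token read from the environment rather than stored in the file.
    access_token: "${env:SPLUNK_ACCESS_TOKEN}"
    realm: "${env:SPLUNK_REALM}"
  otlphttp:
    # Assumed trace ingest URL; confirm it for your realm.
    traces_endpoint: "https://ingest.${env:SPLUNK_REALM}.signalfx.com/v2/trace/otlp"
    headers:
      "X-SF-Token": "${env:SPLUNK_ACCESS_TOKEN}"

service:
  extensions: [health_check, zpages]   # extensions are enabled here, not in pipelines
  pipelines:
    metrics:
      receivers: [hostmetrics, otlp]
      processors: [memory_limiter, batch]
      exporters: [signalfx]
    traces:
      receivers: [otlp]
      processors: [memory_limiter, batch]
      exporters: [otlphttp]
```

Adding otlp/gateway to a pipeline's receivers list is what would start its listener on all interfaces, so review firewall rules before doing so.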

Learn more at Get started: Understand and use the Collector.

Understand the Collector distributions

The OpenTelemetry Collector is an open-source project that has a core version and a contributions (Contrib) version. The core version provides receivers, processors, and exporters for general use. The Contrib version provides receivers, processors, and exporters for specific vendors and use cases.

The Splunk Distribution of OpenTelemetry Collector is a distribution of the OpenTelemetry Collector. It sits on top of the Contrib version, and it bundles components from OpenTelemetry Core, OpenTelemetry Contrib, and other sources to provide data collection for multiple source platforms.

Diagram: Splunk Distribution of OpenTelemetry Collector. The Splunk Distribution of OpenTelemetry Collector contains receivers, processors, exporters, and extensions. Receivers gather metrics and logs from infrastructure, and metrics, traces, and logs from back-end applications. Receivers send data to processors, and processors send data to exporters. Exporters send data to Splunk Observability Cloud and Splunk Cloud Platform. Front-end experiences send data directly to Splunk Observability Cloud through RUM instrumentation.

Why use the Splunk distribution of the Collector?

Caution

Splunk officially supports the Splunk Distribution of OpenTelemetry Collector. Splunk only provides best-effort support for the upstream OpenTelemetry Collector. See Send telemetry using the OpenTelemetry Collector Contrib project for more information.

Because Splunk Observability Cloud is OTel-native, it works with any of the Collector versions, but Splunk can provide a better support response for the Splunk distribution. Any changes to the Contrib or Base OpenTelemetry Collector are required to go through the open-source vetting process, which can take some time. If you use the Splunk version, updates and hot fixes are under Splunk control. Note that all major additions to the Splunk version of the Collector do eventually make their way into the Contrib version.

Also, the customizations in the Splunk distribution include these additional features:

  • Better defaults for Splunk products

  • Discovery mode for metric sources

  • Automatic discovery and configuration

  • Fluentd for log capture, deactivated by default

  • Tools to support migration from SignalFx products

Resources and other requirements

The following table describes everything you need to start using the Collector:

| Resource | Description |
|---|---|
| Access token | Use an access token to track and manage your resource usage. Where you see <access_token>, replace it with the name of your access token. Your access token needs to have the ingest authorization scope. See Create and manage organization access tokens using Splunk Observability Cloud. |
| Realm | A realm is a self-contained deployment that hosts organizations. To find your Splunk realm, see Note about realms. |
| Ports and endpoints | Check exposed ports to make sure your environment doesn’t have conflicts and that firewalls are configured. You can change the ports in the Collector configuration. See Exposed ports and endpoints. |

See also Collector requirements for information on:

Install and configure the Collector

Note

Check Migrate from SignalFx Smart Agent to the Splunk Distribution of OpenTelemetry Collector to learn how to migrate your data from the SignalFx Smart Agent (deprecated) to the Collector.

Deployment modes

You can deploy the Collector in two modes, host monitoring (agent) or data forwarding (gateway):

  • In host monitoring (agent) mode, the Collector runs with the application or on the same host as the application.

  • In data forwarding (gateway) mode, one or more Collectors run as a standalone service, for example, a container or deployment.

Learn more at Collector deployment modes.

Guided install for the Collector

Splunk Observability Cloud offers a guided setup to install the Collector:

  1. Log in to Splunk Observability Cloud.

  2. In the navigation menu, select Data Management.

  3. Go to the Available integrations tab, or select Add Integration in the Deployed integrations tab.

  4. Select one of the platforms in the Splunk OpenTelemetry Collector section.

  5. Follow the step-by-step process provided in the platform’s guided setup.

Advanced install

The Splunk distribution of the OpenTelemetry Collector is supported on and packaged for a variety of platforms, including:

You can also deploy the Collector with tools such as Amazon ECS EC2, Amazon Fargate, Ansible, Nomad, PCF, or Puppet. Learn more at Collector deployment tools and options.

See also Other configuration sources (Alpha/Beta).

Monitor the Collector

Splunk Observability Cloud offers you a wide array of monitoring features, including a built-in dashboard which provides out-of-the-box information about the health and status of your deployed OTel Collector instances. Learn more at Monitor the Collector with Splunk Observability Cloud’s built-in dashboards.

The Collector also offers a zPages extension, which provides live data about the Collector. zPages are useful for in-process diagnostics without having to depend on any back end to examine traces or metrics.

Available features for the Collector

See the features available for the Collector:

For more information:

Use the Collector to send data to Splunk Enterprise

If you want to send data to Splunk Enterprise using the Collector, the following applies:

  • For Kubernetes environments, use the Collector to send metrics and logs to Splunk Enterprise. Trace collection is not supported.

  • For Linux and Windows environments (physical hosts and virtual machines), use the Universal Forwarder to send metrics and logs to the Splunk platform. See more at Use the Splunk Universal Forwarder with the Collector. Alternatively, you can use the Collector to forward data to the Splunk platform, but this option is not supported at the moment.