Get started with the Splunk Distribution of the OpenTelemetry Collector 🔗
Use the Splunk Distribution of the OpenTelemetry Collector to receive, process, and export metric, trace, and log data and metadata for Splunk Observability Cloud.
Learn more about the Splunk Observability Cloud data model at Data types in Splunk Observability Cloud.
The OpenTelemetry Collector is a tech-agnostic way to receive, process and export telemetry data.
After you’ve installed the Collector in your platform, update your config file to define the different Collector components (receivers, processors, and exporters) you want to use. However, receivers and exporters are not enabled until they are in a pipeline, as explained in the next paragraph. You can also add extensions that provide the OpenTelemetry Collector with additional functionality, such as diagnostics and health checks. Find the available components at Collector components.
Next, you need to configure your service pipelines to determine how to process your data. In the pipelines section you tie together the receivers, processors and exporters, designing the path your data takes. Multiple pipelines can be defined, and a single receiver or exporter definition can be used in multiple pipelines. A single pipeline can also have multiple receivers or exporters within it. Learn more at Process your data with pipelines.
The OpenTelemetry Collector is an open-source project that has a core version and a contributions (Contrib) version. The core version provides receivers, processors, and exporters for general use. The Contrib version provides receivers, processors, and exporters for specific vendors and use cases.
The Splunk Distribution of OpenTelemetry Collector is a distribution of the OpenTelemetry Collector. It sits on top of the Contrib version, and it bundles components from OpenTelemetry Core, OpenTelemetry Contrib, and other sources to provide data collection for multiple source platforms.
Splunk officially supports the Splunk Distribution of OpenTelemetry Collector. Splunk only provides best-effort support for the upstream OpenTelemetry Collector. See Send telemetry using the OpenTelemetry Collector Contrib project for more information.
While Splunk Observability Cloud would work with any of the Collector versions as it’s native OTel, Splunk can provide better support response for the Splunk distribution. Any changes to the Contrib or Base OpenTelemetry Collector are required to go through the open-source vetting process, which can take some time. If you use the Splunk version, updates and hot fixes are under Splunk control. Note that all major additions to the Splunk version of the Collector do eventually make their way into the Contrib version.
Also, the customizations in the Splunk distribution include these additional features:
Better defaults for Splunk products
Discovery mode for metric sources
Zero configuration auto instrumentation
Fluentd for log capture, deactivated by default
Tools to support migration from SignalFx products
The following table describes everything you need to start using the Collector:
Use an access token to track and manage your resource usage. Where you see
A realm is a self-contained deployment that hosts organizations. You can find your realm name on your profile page in the user interface. Where you see
Ports and endpoints
Check exposed ports to make sure your environment doesn’t have conflicts and that firewalls are configured. You can change the ports in the Collector configuration. See Exposed ports and endpoints.
See also Collector requirements for information on:
Check Migrate from SignalFx Smart Agent to the Splunk Distribution of OpenTelemetry Collector to learn how to migrate your data from the SignalFx Smart Agent (deprecated) to the Collector.
You can deploy the Collector in two modes: Host monitoring (agent) or data forwarding (gateway) mode:
In host monitoring (agent) mode, the Collector runs with the application or on the same host as the application.
In data forwarding (gateway) mode, one or more Collectors run a standalone service, for example, a container or deployment.
Learn more at Collector deployment modes.
This distribution is supported on and packaged for a variety of platforms, including:
After you’ve installed the Collector, see:
The default configuration automatically scrapes the Collector’s own metrics and sends the data using the
signalfx exporter. A built-in dashboard provides information about the health and status of Collector instances. In addition, logs are automatically collected for the Collector and Journald processes.
The Collector also offers a zPages extension, which provides live data about the Collector. zPages are useful for in-process diagnostics without having to depend on any back end to examine traces or metrics.
See the features available for the Collector:
See how to perform common actions and tasks with the Collector at Use the Collector: How to perform common tasks. For example, learn how to Remove sensitive data using the Splunk Distribution of OpenTelemetry Collector to strip data out of your telemetry, including PII.
Learn about the discovery mode to detect metrics. See Discover and configure metrics sources automatically.
Activate auto-instrumentation so that the Collector can automatically grab traces from your application, and add metrics for certain types of calls. See Splunk OpenTelemetry Zero Configuration Auto Instrumentation.
For more information:
Troubleshoot the Collector. Try these troubleshooting techniques and learn how to open a support request.
If you want to send data to Splunk Enterprise using the Collector, the following applies:
For Kubernetes, Splunk Enterprise supports receiving metrics and logs from the Collector. Trace collection is not supported.
For Linux and Windows environments (physical hosts and virtual machines), Splunk Enterprise is not compatible with the Collector. Instead, use the Universal Forwarder to send metrics, traces, and logs to the Splunk platform. See more at Use the Splunk Universal Forwarder with the Collector.