Logparser
Caution
Smart Agent monitors are being deprecated. To tail log files use the OpenTelemetry Collector and the Telegraf Tail Input plugin. See how in Monitor services with Telegraf Input plugins and OpenTelemetry.
The Splunk Distribution of the OpenTelemetry Collector uses the Smart Agent receiver with the telegraf/logparser monitor type to tail log files.
This integration is based on the Telegraf logparser plugin, and all emitted metrics have the plugin dimension set to telegraf-logparser.
Benefits
After you configure the integration, you can access these features:
View metrics. You can create your own custom dashboards, and most monitors provide built-in dashboards as well. For information about dashboards, see View dashboards in Splunk Observability Cloud.
View a data-driven visualization of the physical servers, virtual machines, AWS instances, and other resources in your environment that are visible to Infrastructure Monitoring. For information about navigators, see Use navigators in Splunk Infrastructure Monitoring.
Access the Metric Finder and search for metrics sent by the monitor. For information, see Search the Metric Finder and Metadata Catalog.
Installation
Follow these steps to deploy this integration:
Deploy the Splunk Distribution of the OpenTelemetry Collector to your host or container platform:
Configure the integration, as described in the Configuration section.
Restart the Splunk Distribution of the OpenTelemetry Collector.
Configuration
To use this integration of a Smart Agent monitor with the Collector:
Include the Smart Agent receiver in your configuration file.
Add the monitor type to the Collector configuration, both in the receiver and pipelines sections.
See how to Use Smart Agent monitors with the Collector.
See how to set up the Smart Agent receiver.
For a list of common configuration options, refer to Common configuration settings for monitors.
Learn more about the Collector at Get started: Understand and use the Collector.
Example
To activate this integration, add the following to your Collector configuration:
```yaml
receivers:
  smartagent/logparser:
    type: telegraf/logparser
    ... # Additional config
```
To complete the integration, include this monitor type as a member of a logs pipeline. Use the SignalFx exporter to make event submission requests. Use the Resource Detection processor to ensure that host identity and other useful information is made available as event dimensions. For example:
```yaml
service:
  pipelines:
    logs:
      receivers:
        - smartagent/logparser
      processors:
        - resourcedetection
      exporters:
        - signalfx
```
The following example shows a sample YAML configuration:
```yaml
receivers:
  smartagent/logparser:
    type: telegraf/logparser
    files:
      - '$file'
    watchMethod: poll                   # Specifies the file watch method ("inotify" or "poll").
    fromBeginning: true                 # Specifies to read from the beginning.
    measurementName: test-measurement   # This is the metric name prefix.
    patterns:
      - "%{COMMON_LOG_FORMAT}"          # Specifies the Apache Common Log Format (CLF).
    timezone: UTC
```
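To check that a log file actually matches the COMMON_LOG_FORMAT pattern used in the sample configuration before relying on the parsed data, the following added example (not part of the Splunk documentation or the Telegraf code) approximates the pattern with a Python regular expression and lists the lines that would not parse. The regex, the tag and field names, and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Assumption: a regex approximation of Telegraf's COMMON_LOG_FORMAT grok
# pattern; group names mirror the field names that pattern assigns.
CLF = re.compile(
    r'^(?P<client_ip>\S+) (?P<ident>\S+) (?P<auth>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?:(?P<verb>\w+) (?P<request>\S+)'
    r'(?: HTTP/(?P<http_version>\d+(?:\.\d+)?))?|[^"]*)" '
    r'(?P<resp_code>\d{3}) (?:(?P<resp_bytes>\d+)|-)$'
)

def parse_line(line):
    """Return (tags, fields, utc_timestamp) for a CLF line, else None."""
    m = CLF.match(line.strip())
    if m is None:
        return None
    g = m.groupdict()
    try:
        ts = datetime.strptime(g["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None  # bracketed value is not an HTTP date
    # Assumption: verb and resp_code are typed as tags in the Telegraf pattern.
    tags = {k: g[k] for k in ("verb", "resp_code") if g[k] is not None}
    fields = {k: g[k] for k in ("client_ip", "ident", "auth", "request")
              if g[k] is not None}
    if g["http_version"] is not None:
        fields["http_version"] = float(g["http_version"])
    if g["resp_bytes"] is not None:
        fields["resp_bytes"] = int(g["resp_bytes"])  # "-" leaves it unset
    return tags, fields, ts.astimezone(timezone.utc)

def unmatched(lines):
    """Lines the pattern cannot parse; they would yield no parsed data."""
    return [line for line in lines if parse_line(line) is None]

# Constructed sample input (documentation-range addresses).
SAMPLE = [
    '192.0.2.10 - alice [10/Oct/2023:13:55:36 +0200] "GET /index.html HTTP/1.1" 200 2326',
    '192.0.2.11 - - [10/Oct/2023:13:55:40 +0200] "POST /login HTTP/1.1" 401 -',
    '192.0.2.12 - - [10/Oct/2023:13:55:41 +0200] "-" 408 0',
    '2023-10-10T11:55:42Z app started',  # not CLF: application log line
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line))
    print("unmatched:", unmatched(SAMPLE))
```

Running `unmatched()` over a sample of the real file shows whether a different or custom pattern is needed for lines that are not in Common Log Format.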
Configuration options
The following table shows the configuration options for this monitor type:
| Option | Required | Type | Description |
|---|---|---|---|
|  | yes |  | Paths to files to be tailed |
|  | no |  |  |
|  | no |  |  |
|  | no |  | Name of the measurement |
|  | no |  | A list of patterns to match. |
|  | no |  | A list of named grok patterns to match. |
|  | no |  | Custom grok patterns. ( |
|  | no |  | List of paths to custom grok pattern files. |
|  | no |  |  |

Metrics
The Splunk Distribution of OpenTelemetry Collector does not do any built-in filtering of metrics coming out of this monitor type.
Troubleshooting
If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.
Available to Splunk Observability Cloud customers
Submit a case in the Splunk Support Portal.
Contact Splunk Support.
Available to prospective customers and free trial users
Ask a question and get answers through community support at Splunk Answers.
Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.