Docs » Install and configure Splunk Distribution of OpenTelemetry Collector » Configure the Splunk OpenTelemetry Collector

Configure the Splunk OpenTelemetry Collector 🔗

The collector is configured using the following files:

  • agent_config.yaml, which is the recommended starting configuration for most environments. This is the default configuration file for the Linux (Debian/RPM) and Windows Installer collector packages.

  • full_config_linux.yaml, which is an extended configuration. This configuration requires opentelemetry-collector-contrib or a distribution based on opentelemetry-collector-contrib.

  • Fluentd, which is used to collect logs. Fluentd is applicable to Helm or installer script installations only. Common sources including filelog, journald, and Windows Event Viewer are included in the installation. See the Fluentd configuration documentation for more information.

    • The Fluentd directory contains the following files:

      • fluent.conf or td-agent.conf. These are the main Fluentd configuration files used to forward events to the Splunk OpenTelemetry Collector. The file locations are /etc/otel/collector/fluentd/fluent.conf on Linux and \opt\td-agent\etc\td-agent\td-agent.conf on Windows. By default, these files configure Fluentd to include custom Fluentd sources and forward all log events with the @SPLUNK label to the Splunk OpenTelemetry Collector.

      • conf.d. This directory contains the custom Fluentd configuration files. The location is /etc/otel/collector/fluentd/conf.d on Linux and \opt\td-agent\etc\td-agent\conf.d on Windows. All files in this directory ending with the .conf extension are automatically included by Fluentd, including \opt\td-agent\etc\td-agent\conf.d\eventlog.conf on Windows.

      • splunk-otel-collector.conf. This is the drop-in file for the Fluentd service on Linux. Use this file to override the default Fluentd configuration path in favor of the custom Fluentd configuration file for Linux (fluent.conf).

The following is a sample configuration to collect custom logs:

<source>
  @type tail
  @label @SPLUNK
  <parse>
    @type none
  </parse>
  path /path/to/my/custom.log
  pos_file /var/log/td-agent/my-custom-logs.pos
  tag my-custom-logs
</source>

You can also configure the following components: