Configure the Collector 🔗
You can use a variety of default configuration files to set up the Splunk Distribution of OpenTelemetry Collector, as well additional components that you can configure separately.
Note
See how to perform common actions and tasks with the Collector at Use the Collector: How to perform common tasks. To understand how data is processed, see Process your data with pipelines.
See the default configuration to learn about the basic structure of the Collector’s configuration file. It also contains an example valid for most environments.
You can also use these configurations to change the default settings in each Collector package:
Kubernetes: Helm configuration, advanced config, and log config
Note
Splunk Observability Cloud offers several options for no-hassle, zero-config Auto Instrumentation. Learn more at Splunk OpenTelemetry Zero Configuration Auto Instrumentation.
To define multiple config files simultaneously use:
./otelcol --config=file:/path/to/first/file --config=file:/path/to/second/file
The Collector can capture logs using Fluentd, but this option is deactivated by default.
For Kubernetes, native OpenTelemetry log collection is supported by default. See more at Configure logs and events for Kubernetes.
For Linux and Windows environments (physical hosts and virtual machines), use the Universal Forwarder to send logs to the Splunk platform. See more at Use the Splunk Universal Forwarder with the Collector.
Note
If you have a Log Observer entitlement or wish to collect logs for the target host, make sure Fluentd is installed and enabled in your Collector instance.
You can use the Fluentd receiver to collect logs. Common sources such as filelog, journald, and Windows Event Viewer are included in the installation. See Fluent Forward receiver for more information.
The following table describes the artifacts in the Fluentd directory:
Configuration |
Description |
|---|---|
fluent.conf or td-agent.conf |
These are the main Fluentd configuration files used to forward events to the Collector. The file locations are |
conf.d |
This directory contains the custom Fluentd configuration files. The location is |
splunk-otel-collector.conf |
This is the drop-in file for the Fluentd service on Linux. Use this file to override the default Fluentd configuration path in favor of the custom Fluentd configuration file for Linux (fluent.conf). |
The following is a sample configuration to collect custom logs:
<source>
@type tail
@label @SPLUNK
<parse>
@type none
</parse>
path /path/to/my/custom.log
pos_file /var/log/td-agent/my-custom-logs.pos
tag my-custom-logs
</source>
See Fluent Forward receiver for more information.
You can also use these additional configuration sources:
Environment variable (Alpha)
etcd (Alpha)
Include config source (Beta)
Vault (Alpha)
Zookeeper (Alpha)