https://community.splunk.com/t5/Community-Office-Hours/Kubernetes-Observability-12-10-24/ec-p/706683#M134 <P>Here are some of the questions covered in the session:</P><P>Q1: How do you get logs from a Kubernetes Cluster?</P><P>Solution:&nbsp;</P><UL><LI><SPAN>Set Log Collection in the wizard:</SPAN></LI></UL><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ArifV_0-1734031777571.png" style="width: 400px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/33830i17519DF8B1F8B1EE/image-size/medium?v=v2&amp;px=400" role="button" title="ArifV_0-1734031777571.png" alt="ArifV_0-1734031777571.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><UL><LI><SPAN>See documentation - covers cases like host logs, multi-line logs, using pod annotations, sending events, etc.</SPAN></LI><LI><SPAN>There are also many more tips about this topic from slides <A href="https://docs.google.com/presentation/d/1L38Ia8ALJNXsskoNu5HV1TaookMhHD7SmqLFOkEvpgo/edit#slide=id.g31cbc3b9b60_0_0" target="_self">8-14 in this deck</A></SPAN></LI></UL><P><SPAN>Documentation:</SPAN></P><P><SPAN><A href="https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-kubernetes/kubernetes-config-logs.html" target="_blank" rel="noopener">https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-kubernetes/kubernetes-config-logs.html</A></SPAN></P><P><SPAN>Q2: How can I optimize troubleshooting for K8s alerts?</SPAN></P><P><SPAN>Solution:&nbsp;</SPAN></P><UL><LI><SPAN>Utilize the Navigator links embedded in alerts&nbsp;</SPAN></LI><LI><SPAN>Autodetector alerts</SPAN></LI><LI><SPAN>Utilize built-in metrics and dashboards</SPAN></LI><LI><SPAN>Identify problematic nodes, pods, and containers using the hierarchy map in the Kubernetes Navigator</SPAN></LI><LI><SPAN>Deploy the Splunk Distribution of the Otel Collector to your cluster for correlation of metrics, traces and logs (related content)</SPAN></LI><LI><SPAN>Enrich telemetry data with custom metrics or adding relevant metadata to enhance troubleshooting&nbsp;</SPAN></LI></UL><P><SPAN>Documentation:</SPAN></P><UL><LI><A href="https://docs.splunk.com/observability/en/infrastructure/monitor/k8s-nav.html" target="_blank" rel="noopener"><SPAN>https://docs.splunk.com/observability/en/infrastructure/monitor/k8s-nav.html</SPAN></A></LI><LI><A href="https://docs.splunk.com/observability/en/gdi/get-data-in/compute/k8s.html#get-started-k8s" target="_blank" rel="noopener"><SPAN>https://docs.splunk.com/observability/en/gdi/get-data-in/compute/k8s.html#get-started-k8s</SPAN></A></LI><LI><A href="https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-how-to.html#collector-how-to" target="_blank" rel="noopener"><SPAN>https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-how-to.html#collector-how-to</SPAN></A><SPAN>&nbsp;</SPAN></LI><LI><SPAN><A href="https://docs.splunk.com/observability/en/metrics-and-metadata/relatedcontent.html" target="_blank" rel="noopener">https://docs.splunk.com/observability/en/metrics-and-metadata/relatedcontent.html</A></SPAN></LI></UL><P><SPAN>Q3:&nbsp;One of my containers produces events as json. Any pointers on how to teach the OTel Collector to read it in as json, I am getting multiple events strung together as one. Ideally is this something that I can achieve in the Splunk Otel helm chart?</SPAN></P><P><SPAN>Solution:&nbsp;</SPAN></P><UL><LI><SPAN>See details below on processing multi-line logs; this is likely why you are getting a multi-line json showing up as individual log lines</SPAN></LI></UL><P><SPAN>Documentation:</SPAN></P><UL><LI><A href="https://github.com/signalfx/splunk-otel-collector-chart/blob/main/docs/advanced-configuration.md#processing-multi-line-logs" target="_blank" rel="noopener"><SPAN>https://github.com/signalfx/splunk-otel-collector-chart/blob/main/docs/advanced-configuration.md#processing-multi-line-logs</SPAN></A><SPAN>&nbsp;</SPAN></LI><LI><A href="https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-kubernetes/install-k8s-manifests.html#otel-install-k8s-manifests" target="_blank" rel="noopener"><SPAN>Installing with YAML manifests</SPAN></A></LI></UL> Thu, 12 Dec 2024 19:32:09 GMT ArifV 2024-12-12T19:32:09Z https://community.splunk.com/t5/Community-Office-Hours/Kubernetes-Observability-12-10-24/ec-p/702538#M125 <P data-unlink="true"><STRONG><A href="https://discover.splunk.com/Community-Office-Hours-Kubernetes-Observability.html" target="_self">Register here</A>.</STRONG>This thread is for the Community Office Hours session<STRONG><SPAN> on&nbsp;</SPAN>Kubernetes Observability<SPAN>&nbsp;on&nbsp;</SPAN>Tue, December 10, 2024 at 1pm PT / 4pm ET.</STRONG></P><P><STRONG>What can I ask in this AMA?</STRONG></P><UL><LI>How do I use and customize Kubernetes navigators?</LI><LI>What are best practices for optimizing Kubernetes alerts and troubleshooting workflows?</LI><LI>Is there a way to view Kubernetes logs correlated with metrics?</LI><LI>How do I review Pod status?</LI><LI>How do I monitor Kubernetes resource limits?</LI><LI>Anything else you’d like to learn!</LI></UL><P><STRONG>Please submit your questions at registration.<SPAN>&nbsp;</SPAN></STRONG>You can also head to the<A href="https://splunk-usergroups.slack.com/archives/C0FRVF350" target="_blank" rel="noopener">#office-hours</A><SPAN>&nbsp;</SPAN>user Slack channel to ask questions (request access<SPAN>&nbsp;</SPAN><A href="https://splunk-usergroups.slack.com/archives/C0FRVF350" target="_blank" rel="noopener">here</A>).</P><P><STRONG>Pre-submitted questions will be prioritized.&nbsp;</STRONG>After that, we will open the floor up to live Q&amp;A with meeting participants.<BR /><BR />Look forward to connecting!</P> Thu, 12 Dec 2024 19:32:35 GMT https://community.splunk.com/t5/Community-Office-Hours/Kubernetes-Observability-12-10-24/ec-p/702538#M125 ArifV 2024-12-12T19:32:35Z https://community.splunk.com/t5/Community-Office-Hours/Kubernetes-Observability-12-10-24/ec-p/706683#M134 <P>Here are some of the questions covered in the session:</P><P>Q1: How do you get logs from a Kubernetes Cluster?</P><P>Solution:&nbsp;</P><UL><LI><SPAN>Set Log Collection in the wizard:</SPAN></LI></UL><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ArifV_0-1734031777571.png" style="width: 400px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/33830i17519DF8B1F8B1EE/image-size/medium?v=v2&amp;px=400" role="button" title="ArifV_0-1734031777571.png" alt="ArifV_0-1734031777571.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><UL><LI><SPAN>See documentation - covers cases like host logs, multi-line logs, using pod annotations, sending events, etc.</SPAN></LI><LI><SPAN>There are also many more tips about this topic from slides <A href="https://docs.google.com/presentation/d/1L38Ia8ALJNXsskoNu5HV1TaookMhHD7SmqLFOkEvpgo/edit#slide=id.g31cbc3b9b60_0_0" target="_self">8-14 in this deck</A></SPAN></LI></UL><P><SPAN>Documentation:</SPAN></P><P><SPAN><A href="https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-kubernetes/kubernetes-config-logs.html" target="_blank" rel="noopener">https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-kubernetes/kubernetes-config-logs.html</A></SPAN></P><P><SPAN>Q2: How can I optimize troubleshooting for K8s alerts?</SPAN></P><P><SPAN>Solution:&nbsp;</SPAN></P><UL><LI><SPAN>Utilize the Navigator links embedded in alerts&nbsp;</SPAN></LI><LI><SPAN>Autodetector alerts</SPAN></LI><LI><SPAN>Utilize built-in metrics and dashboards</SPAN></LI><LI><SPAN>Identify problematic nodes, pods, and containers using the hierarchy map in the Kubernetes Navigator</SPAN></LI><LI><SPAN>Deploy the Splunk Distribution of the Otel Collector to your cluster for correlation of metrics, traces and logs (related content)</SPAN></LI><LI><SPAN>Enrich telemetry data with custom metrics or adding relevant metadata to enhance troubleshooting&nbsp;</SPAN></LI></UL><P><SPAN>Documentation:</SPAN></P><UL><LI><A href="https://docs.splunk.com/observability/en/infrastructure/monitor/k8s-nav.html" target="_blank" rel="noopener"><SPAN>https://docs.splunk.com/observability/en/infrastructure/monitor/k8s-nav.html</SPAN></A></LI><LI><A href="https://docs.splunk.com/observability/en/gdi/get-data-in/compute/k8s.html#get-started-k8s" target="_blank" rel="noopener"><SPAN>https://docs.splunk.com/observability/en/gdi/get-data-in/compute/k8s.html#get-started-k8s</SPAN></A></LI><LI><A href="https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-how-to.html#collector-how-to" target="_blank" rel="noopener"><SPAN>https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-how-to.html#collector-how-to</SPAN></A><SPAN>&nbsp;</SPAN></LI><LI><SPAN><A href="https://docs.splunk.com/observability/en/metrics-and-metadata/relatedcontent.html" target="_blank" rel="noopener">https://docs.splunk.com/observability/en/metrics-and-metadata/relatedcontent.html</A></SPAN></LI></UL><P><SPAN>Q3:&nbsp;One of my containers produces events as json. Any pointers on how to teach the OTel Collector to read it in as json, I am getting multiple events strung together as one. Ideally is this something that I can achieve in the Splunk Otel helm chart?</SPAN></P><P><SPAN>Solution:&nbsp;</SPAN></P><UL><LI><SPAN>See details below on processing multi-line logs; this is likely why you are getting a multi-line json showing up as individual log lines</SPAN></LI></UL><P><SPAN>Documentation:</SPAN></P><UL><LI><A href="https://github.com/signalfx/splunk-otel-collector-chart/blob/main/docs/advanced-configuration.md#processing-multi-line-logs" target="_blank" rel="noopener"><SPAN>https://github.com/signalfx/splunk-otel-collector-chart/blob/main/docs/advanced-configuration.md#processing-multi-line-logs</SPAN></A><SPAN>&nbsp;</SPAN></LI><LI><A href="https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-kubernetes/install-k8s-manifests.html#otel-install-k8s-manifests" target="_blank" rel="noopener"><SPAN>Installing with YAML manifests</SPAN></A></LI></UL> Thu, 12 Dec 2024 19:32:09 GMT https://community.splunk.com/t5/Community-Office-Hours/Kubernetes-Observability-12-10-24/ec-p/706683#M134 ArifV 2024-12-12T19:32:09Z