All Apps and Add-ons

splunk integration on ocp

splunksrk
New Member

I have integrated splunk with ocp and able to see the logs on openshift openshiftlab1_logging but not on openshiftlab1_metrics openshiftlab1_objects.Could any one let me know the issue in the file.
global:
logLevel: info
journalLogPath: /run/log/journal
splunk:
hec:
host: 10.133.8.98
port: 8088
token: 36698f4f-db56-45b8-8bf3-cc0d12ab433
protocol: http
indexName: openshift
insecureSSL: true
#clientCert:
#clientKey:
#caFile:
kubernetes:
clusterName: "openshiftlab"
openshift: true
splunk-kubernetes-logging:
enabled: true
logLevel: debug
splunk:
hec:
host: 10.133.8.98
port: 8088
token: 36698f4f-db56-45b8-8bf3-cc0d12ab433
protocol: http
indexName: openshiftlab1_logging
insecureSSL: true
#clientCert:
#clientKey:
#caFile:
containers:
logFormatType: cri
logs:
kube-audit:
from:
file:
path: /var/log/kube-apiserver/audit.log
splunk-kubernetes-metrics:
rbac:
create: true
serviceAccount:
create: true
name: splunk-kubernetes-metrics
enabled: true
splunk:
hec:
host: 10.133.8.98
port: 8088
token: 36698f4f-db56-45b8-8bf3-cc0d12ab433
protocol: http
indexName: openshiftlab1_metrics
insecureSSL: true
#clientCert:
#clientKey:
#caFile:
kubernetes:
openshift: true
splunk-kubernetes-objects:
rbac:
create: true
serviceAccount:
create: true
name: splunk-kubernetes-objects
enabled: true
kubernetes:
openshift: true
splunk:
hec:
host: 10.133.8.98
port: 8088
token: 36698f4f-db56-45b8-8bf3-cc0d12ab433
protocol: http
insecureSSL: true
indexName: openshiftlab1_objects
#clientCert:
#clientKey:
#caFile:
objects:
core:
v1:
- name: pods
interval: 30s
- name: namespaces
interval: 30s
- name: nodes
interval: 30s
- name: services
interval: 30s
- name: config_maps
interval: 30s
- name: persistent_volumes
interval: 30s
- name: service_accounts
interval: 30s
- name: persistent_volume_claims
interval: 30s
- name: resource_quotas
interval: 30s
- name: component_statuses
interval: 30s
- name: events
mode: watch
apps:
v1:
- name: deployments
interval: 30s
- name: daemon_sets
interval: 30s
- name: replica_sets
interval: 30s
- name: stateful_sets
interval: 30s

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...