OpenShift Support for Splunk Universal Forwarder Docker Image

_KD
Engager

The Splunk Universal Forwarder image currently is not compatible with OpenShift. The image architecture requires the usage of sudo to switch between users and to run as specific UIDs which are not compatible with OpenShift UIDs.

Are you planning to ever fix your image to make it compatible with OpenShift to run as a sidecar container?


_KD
Engager

"Important: The Splunk Connect for Kubernetes will reach End of Support on January 1, 2024. After that date, this repository will no longer receive updates from Splunk and will no longer be supported by Splunk. Until then, only critical security fixes and bug fixes will be provided. Splunk recommends migrating to Splunk OpenTelemetry Collector for Kubernetes. Please refer to this migration guide for more details."


livehybrid
SplunkTrust

Hi @_KD 

I don't have specific details on future product roadmap or development timelines for the Splunk Universal Forwarder Docker image regarding OpenShift compatibility or sidecar usage.

The recommended approach for collecting data from Kubernetes and OpenShift environments is the official Splunk OpenTelemetry Collector project, which is designed to integrate with these platforms and their security models.

If the specific use case of running the Universal Forwarder Docker image as a sidecar is critical for your needs, we encourage you to provide this feedback through your Splunk account team or official support channels such as via https://www.splunk.com/support
