Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Kubernetes - application logs

dmuley
Explorer
‎04-06-2023 07:52 AM

Hello Team,

I am new to Kubernetes and splunk, I have a requirement to push logs that are generated from my spring boot app running under k8s pods to splunk,

How can I forward the logs that are generating under pod ?

I can access the logs by using the command 

kubectl logs <pod-name>

Labels (1)
Labels
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎04-06-2023 10:41 PM

@dmuley - You need to install Splunk Universal forwarder onto the Kubernetes instance and monitor log files under the `/var/log` directory usually.

But you can check the location of log files with the below command: (the command is deprecated BTW)

kubectl --log-dir

 

How to install UF - https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder

How to monitor log files - https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/Monitorfilesanddirectorieswithinputs.conf 

 

I hope this helps!!!

0 Karma
Reply

Gr0und_Z3r0
Contributor
‎04-06-2023 05:38 PM

Hi @dmuley 

If using EKS from AWS then you can use Splunk Connect for Kubernetes
 https://www.splunk.com/en_us/blog/partners/splunk-connect-for-kubernetes-on-eks.html

You can also send logs from the Master node by installing Splunk Universal Forwarder and configuring /var/log or any other log path as per your need.
https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html
https://docs.splunk.com/Documentation/Splunk/9.0.4/Forwarding/Typesofforwarders

For application specific events, you can use Splunk HTTP Event Collector (HEC) to send custom events to Splunk.
https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/UsetheHTTPEventCollector


 Be sure to check the correct Splunk version documentation for configuration and implementation.

~ If the reply helps, an upvote would be appreciated.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...