Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Kubernetes - application logs

dmuley
Explorer
‎04-06-2023 07:52 AM

Hello Team,

I am new to Kubernetes and splunk, I have a requirement to push logs that are generated from my spring boot app running under k8s pods to splunk,

How can I forward the logs that are generating under pod ?

I can access the logs by using the command 

kubectl logs <pod-name>

Labels (1)
Labels
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎04-06-2023 10:41 PM

@dmuley - You need to install Splunk Universal forwarder onto the Kubernetes instance and monitor log files under the `/var/log` directory usually.

But you can check the location of log files with the below command: (the command is deprecated BTW)

kubectl --log-dir

 

How to install UF - https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder

How to monitor log files - https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/Monitorfilesanddirectorieswithinputs.conf 

 

I hope this helps!!!

0 Karma
Reply

Gr0und_Z3r0
Contributor
‎04-06-2023 05:38 PM

Hi @dmuley 

If using EKS from AWS then you can use Splunk Connect for Kubernetes
 https://www.splunk.com/en_us/blog/partners/splunk-connect-for-kubernetes-on-eks.html

You can also send logs from the Master node by installing Splunk Universal Forwarder and configuring /var/log or any other log path as per your need.
https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html
https://docs.splunk.com/Documentation/Splunk/9.0.4/Forwarding/Typesofforwarders

For application specific events, you can use Splunk HTTP Event Collector (HEC) to send custom events to Splunk.
https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/UsetheHTTPEventCollector


 Be sure to check the correct Splunk version documentation for configuration and implementation.

~ If the reply helps, an upvote would be appreciated.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...