Kubernetes - application logs

dmuley
Explorer

Hello Team,

I am new to Kubernetes and Splunk. I have a requirement to push the logs generated by my Spring Boot app, which runs in k8s pods, to Splunk.

How can I forward the logs that are generated in the pod?

I can access the logs by using the command:

`kubectl logs <pod-name>`

0 Karma

VatsalJagani
SplunkTrust

@dmuley - You need to install the Splunk Universal Forwarder on the Kubernetes instance and monitor log files, usually under the `/var/log` directory.

But you can check the location of the log files with the command below (the command is deprecated, BTW):

`kubectl --log-dir`

How to install UF - https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder

How to monitor log files - https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/Monitorfilesanddirectorieswithinputs.conf 

 

I hope this helps!!!

0 Karma

Gr0und_Z3r0
Contributor

Hi @dmuley 

If using EKS from AWS, then you can use Splunk Connect for Kubernetes:
https://www.splunk.com/en_us/blog/partners/splunk-connect-for-kubernetes-on-eks.html

You can also send logs from the Master node by installing Splunk Universal Forwarder and configuring /var/log or any other log path as per your need.
https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html
https://docs.splunk.com/Documentation/Splunk/9.0.4/Forwarding/Typesofforwarders

For application-specific events, you can use Splunk HTTP Event Collector (HEC) to send custom events to Splunk.
https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/UsetheHTTPEventCollector

Be sure to check the correct Splunk version documentation for configuration and implementation.

~ If the reply helps, an upvote would be appreciated.

0 Karma
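An added example, not from any reply in this thread: the two routes mentioned above (reading pod logs under `/var/log` on the node, and sending events through HEC) meet in a small transformation, shown here as a sketch that turns container log lines into an HEC request body. It assumes the node's runtime writes the CRI log format (`<timestamp> <stream> <P|F> <message>`, as containerd and CRI-O do) under `/var/log/containers/`; the index and sourcetype names and the sample path and lines are constructed for illustration.

```python
import json
import re
from datetime import datetime

# Node path: /var/log/containers/<pod>_<namespace>_<container>-<64-hex id>.log
NAME_RE = re.compile(r"([^_/]+)_([^_]+)_(.+)-[0-9a-f]{64}\.log$")
TS_RE = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)$")

def to_epoch(ts):
    """RFC 3339 timestamp with up to nanosecond precision -> epoch seconds."""
    base, frac, tz = TS_RE.match(ts).groups()
    micros = ((frac or "") + "000000")[:6]  # fromisoformat wants exactly 6 digits
    return datetime.fromisoformat(f"{base}.{micros}{'+00:00' if tz == 'Z' else tz}").timestamp()

def parse_cri_lines(lines):
    """Yield (epoch, stream, message); 'P' (partial) chunks are joined up to the 'F' line."""
    pending = {}  # stream -> (timestamp of first chunk, [chunks])
    for raw in lines:
        parts = raw.rstrip("\n").split(" ", 3)
        if len(parts) < 3 or parts[2] not in ("P", "F") or not TS_RE.match(parts[0]):
            continue  # not a CRI-format line; skip rather than guess
        first_ts, chunks = pending.setdefault(parts[1], (parts[0], []))
        chunks.append(parts[3] if len(parts) == 4 else "")
        if parts[2] == "F":
            del pending[parts[1]]
            yield to_epoch(first_ts), parts[1], "".join(chunks)

def hec_batch(path, lines, index="k8s_apps", sourcetype="kube:container:app"):
    """Body for POST /services/collector/event: one JSON object per event.
    Send it with the header 'Authorization: Splunk <token>'.
    index and sourcetype defaults are hypothetical names for this example."""
    m = NAME_RE.search(path)
    meta = dict(zip(("pod", "namespace", "container"), m.groups())) if m else {}
    return "\n".join(
        json.dumps({"time": round(epoch, 3), "source": path, "sourcetype": sourcetype,
                    "index": index, "event": msg, "fields": dict(meta, stream=stream)})
        for epoch, stream, msg in parse_cri_lines(lines))

# Constructed sample: the path and log lines are made up for this example.
SAMPLE_PATH = "/var/log/containers/orders-7d9f8c6b5-x2k4q_shop_orders-" + "ab" * 32 + ".log"
SAMPLE_LINES = [
    "2023-03-01T10:15:30.123456789Z stdout F 10:15:30.120  INFO 1 --- [main] c.e.OrdersApplication : Started",
    "2023-03-01T10:15:31.5Z stderr P java.lang.IllegalStateException: first half of a long ",
    "2023-03-01T10:15:31.500001Z stderr F line split by the runtime",
]

if __name__ == "__main__":
    print(hec_batch(SAMPLE_PATH, SAMPLE_LINES))
```

The pod, namespace and container names are sent as indexed `fields`, so events from different pods can be told apart in searches without parsing the `source` path.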