Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Kubernetes - application logs

dmuley
Explorer
‎04-06-2023 07:52 AM

Hello Team,

I am new to Kubernetes and splunk, I have a requirement to push logs that are generated from my spring boot app running under k8s pods to splunk,

How can I forward the logs that are generating under pod ?

I can access the logs by using the command 

kubectl logs <pod-name>

Labels (1)
Labels
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎04-06-2023 10:41 PM

@dmuley - You need to install Splunk Universal forwarder onto the Kubernetes instance and monitor log files under the `/var/log` directory usually.

But you can check the location of log files with the below command: (the command is deprecated BTW)

kubectl --log-dir

 

How to install UF - https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder

How to monitor log files - https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/Monitorfilesanddirectorieswithinputs.conf 

 

I hope this helps!!!

0 Karma
Reply

Gr0und_Z3r0
Contributor
‎04-06-2023 05:38 PM

Hi @dmuley 

If using EKS from AWS then you can use Splunk Connect for Kubernetes
 https://www.splunk.com/en_us/blog/partners/splunk-connect-for-kubernetes-on-eks.html

You can also send logs from the Master node by installing Splunk Universal Forwarder and configuring /var/log or any other log path as per your need.
https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html
https://docs.splunk.com/Documentation/Splunk/9.0.4/Forwarding/Typesofforwarders

For application specific events, you can use Splunk HTTP Event Collector (HEC) to send custom events to Splunk.
https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/UsetheHTTPEventCollector


 Be sure to check the correct Splunk version documentation for configuration and implementation.

~ If the reply helps, an upvote would be appreciated.

0 Karma
Reply
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...