Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Kubernetes - application logs

dmuley
Explorer
‎04-06-2023 07:52 AM

Hello Team,

I am new to Kubernetes and splunk, I have a requirement to push logs that are generated from my spring boot app running under k8s pods to splunk,

How can I forward the logs that are generating under pod ?

I can access the logs by using the command 

kubectl logs <pod-name>

Labels (1)
Labels
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎04-06-2023 10:41 PM

@dmuley - You need to install Splunk Universal forwarder onto the Kubernetes instance and monitor log files under the `/var/log` directory usually.

But you can check the location of log files with the below command: (the command is deprecated BTW)

kubectl --log-dir

 

How to install UF - https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder

How to monitor log files - https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/Monitorfilesanddirectorieswithinputs.conf 

 

I hope this helps!!!

0 Karma
Reply

Gr0und_Z3r0
Contributor
‎04-06-2023 05:38 PM

Hi @dmuley 

If using EKS from AWS then you can use Splunk Connect for Kubernetes
 https://www.splunk.com/en_us/blog/partners/splunk-connect-for-kubernetes-on-eks.html

You can also send logs from the Master node by installing Splunk Universal Forwarder and configuring /var/log or any other log path as per your need.
https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html
https://docs.splunk.com/Documentation/Splunk/9.0.4/Forwarding/Typesofforwarders

For application specific events, you can use Splunk HTTP Event Collector (HEC) to send custom events to Splunk.
https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/UsetheHTTPEventCollector


 Be sure to check the correct Splunk version documentation for configuration and implementation.

~ If the reply helps, an upvote would be appreciated.

0 Karma
Reply
Get Updates on the Splunk Community!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Announcing the General Availability of Splunk Enterprise Security 8.1!

We are pleased to announce the general availability of Splunk Enterprise Security 8.1. Splunk becomes the only ...

Developer Spotlight with William Searle

The Splunk Guy: A Developer’s Path from Web to Cloud William is a Splunk Professional Services Consultant with ...
Top