Hello Team,
I am new to Kubernetes and Splunk. I have a requirement to push logs that are generated from my Spring Boot app running under k8s pods to Splunk.
How can I forward the logs that are generated under the pod?
I can access the logs by using the command:
`kubectl logs <pod-name>`
@dmuley - You need to install Splunk Universal Forwarder onto the Kubernetes instance and monitor log files under the `/var/log` directory usually.
But you can check the location of log files with the below command: (the command is deprecated BTW)
`kubectl --log-dir`
How to install UF - https://docs.splunk.com/Documentation/Forwarder/9.0.4/Forwarder/Installanixuniversalforwarder
How to monitor log files - https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/Monitorfilesanddirectorieswithinputs.conf
I hope this helps!!!
Hi @dmuley
If using EKS from AWS then you can use Splunk Connect for Kubernetes
https://www.splunk.com/en_us/blog/partners/splunk-connect-for-kubernetes-on-eks.html
You can also send logs from the Master node by installing Splunk Universal Forwarder and configuring `/var/log` or any other log path as per your need.
https://www.splunk.com/en_us/blog/learn/splunk-universal-forwarder.html
https://docs.splunk.com/Documentation/Splunk/9.0.4/Forwarding/Typesofforwarders
For application-specific events, you can use Splunk HTTP Event Collector (HEC) to send custom events to Splunk.
https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/UsetheHTTPEventCollector
Be sure to check the correct Splunk version documentation for configuration and implementation.
~ If the reply helps, an upvote would be appreciated.
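
The two routes mentioned in the replies (reading pod logs from the node's `/var/log` tree and sending events through HEC) can be tied together as follows. This is an added example, not code from any poster or from Splunk. It assumes the node writes container logs in the CRI format (`<timestamp> <stream> <P|F> <message>`) under the kubelet's `/var/log/containers/<pod>_<namespace>_<container>-<id>.log` names; the index `k8s_app`, the sourcetype `kube:container`, and the sample path and lines are constructed placeholders.

```python
import json
import re
from datetime import datetime

# Kubelet symlink name: <pod>_<namespace>_<container>-<64-hex container id>.log
NAME_RE = re.compile(r"(?P<pod>[^_/]+)_(?P<namespace>[^_]+)_(?P<container>.+)-[0-9a-f]{64}\.log$")
TS_RE = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)$")

# Constructed sample data (not from the thread): a path and three CRI-format lines.
SAMPLE_PATH = "/var/log/containers/orders-7d9f8c6b5-x2x4q_shop_orders-" + "ab" * 32 + ".log"
SAMPLE_LINES = [
    "2023-03-01T12:00:00.250000000Z stdout F INFO  o.e.OrdersApp - Started OrdersApp\n",
    "2023-03-01T12:00:01.5Z stderr P ERROR o.e.OrderService - payment \n",
    "2023-03-01T12:00:01.5Z stderr F gateway timeout\n",
]

def to_epoch(ts):
    """RFC 3339 timestamp (up to nanoseconds, Z or numeric offset) to epoch seconds."""
    base, frac, zone = TS_RE.match(ts).groups()
    zone = "+0000" if zone == "Z" else zone.replace(":", "")
    whole = datetime.strptime(base + zone, "%Y-%m-%dT%H:%M:%S%z").timestamp()
    return whole + float("0." + (frac or "0"))

def parse_cri_lines(lines):
    """Yield (epoch, stream, message), joining chunks the runtime flagged 'P' (partial)."""
    pending = {}  # stream -> chunks of a long line that was split
    for raw in lines:
        parts = raw.rstrip("\n").split(" ", 3)
        if len(parts) < 3 or not TS_RE.match(parts[0]):
            continue  # not a CRI-format line; skip rather than guess
        ts, stream, flag = parts[:3]
        pending.setdefault(stream, []).append(parts[3] if len(parts) == 4 else "")
        if flag == "F":  # 'F' marks the final chunk of a log line
            yield to_epoch(ts), stream, "".join(pending.pop(stream))

def hec_batch(log_path, lines, index="k8s_app", sourcetype="kube:container"):
    """Build a newline-separated HEC event batch; index and sourcetype are placeholders."""
    meta = NAME_RE.search(log_path)
    fields = meta.groupdict() if meta else {}
    events = []
    for epoch, stream, message in parse_cri_lines(lines):
        events.append(json.dumps({
            "time": round(epoch, 3), "source": log_path, "sourcetype": sourcetype,
            "index": index, "event": message, "fields": dict(fields, stream=stream),
        }))
    return "\n".join(events)

if __name__ == "__main__":
    print(hec_batch(SAMPLE_PATH, SAMPLE_LINES))
```

The returned string is the body for a POST to the HEC endpoint `/services/collector/event` with the header `Authorization: Splunk <token>`; keep the token in a Kubernetes Secret rather than in the image or pod spec.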