What are the differences between OpenTelemetry Col...

stefan_habuline · ‎06-28-2023

Hi all,

We're migrating from Splunk Connect for Kubernetes to OpenTelemetry Collector (otel) and noticed several differences, which are breaking our dashboards.

For example, to get the pods information (k8sObjects) from the otel collector, we have to search them with

sourcetype="kube:object:pods"

However from Splunk Connect it's

sourcetype="kube:objects:pods"

Notice the plural in objects.

Another example is the pod field, which is different in the otel collector:

Splunk Connect: pod::*$STRING*
Otel: source::*$STRING*

Is there a way how to align the Otel Collector to the above mentioned format? Or there some sort of list of the complete differences between otel and Splunk Connect?

We have quite a lot productive dashboards and report and it would take big effort to change/check every single of them.

Thanks much for help in advance.

Stefan

stefan_habuline · ‎07-11-2023

Here's a link on the migration/differences provided on the Slack channel #opentelemetry: splunk-otel-collector-chart/docs/migration-from-sck.md at main · signalfx/splunk-otel-collector-char...

What are the differences between OpenTelemetry Collector (otel) and Splunk Connect for Kubernetes?

index

indexer

source

sourcetype

universal forwarder

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

Leverage Cisco Talos Threat Intelligence Across Splunk Security Products

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!