Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Exclude unnecessary logs being sent to splunk cloud platform

Vivi
Loves-to-Learn Lots
‎07-22-2024 05:35 AM

I am using the Splunk OTEL Collector Helm chart to send logs from my GKE pods to the Splunk Cloud Platform. I have set `UsesplunkIncludeAnnotation` to `true` to filter logs from specific pods. This setup was working fine until I tried to filter the logs being sent. I added the following configuration to my `splunk` values.yaml:

  config:
    processors:
      filter/ottl:
        error_mode: ignore
        logs:
          log_record:
            - 'IsMatch(body, "GET /status")'
            - 'IsMatch(body, "GET /healthcheck")'

When I applied this configuration, the specified logs were excluded as expected, but it did not filter logs from the specified pods. I am still receiving logs from all my pods, and the annotation is not taking effect. Additionally, the host is not displaying correctly and is showing as "unknown". (I will attach a screenshot for reference.)

Vivi_0-1721651557628.png

My questions are:
1. How can I exclude these specific logs more effectively?
2. Is there a more efficient way to achieve this filtering?

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...