Splunk Observability Cloud
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

OTEL Collector on legacy RHEL6 machine - How do I overcome mapping these values?

Krzysztof
New Member
‎03-18-2022 03:19 AM

Hello working for a client that has some older infra still on Red Hat 6 (to be changed but this is not on my side and could happen far into the future). Kernel 2.6.32 (around that). We need to connect these machines to Splunk Observability Cloud! Managed to overcome installation issues (some cheats here and there) and got RPM installed as you can see. 

 

 

FATAL: kernel too old
...
...
...
/usr/lib/splunk-otel-collector/agent-bundle/bin/patch-interpreter: line 15:  5818 Aborted                 (core dumped) ${tmproot%/}/bin/patchelf --set-

[root@RHEL6 ~]# rpm -q splunk-otel-collector
splunk-otel-collector-0.46.0-1.x86_64

 

 

 But default conf was not created so I copied the same from RHEL7.

 

 

[root@localhost ~]# /usr/bin/otelcol --config /etc/otel/collector/splunk-otel-collector.conf
2022/03/18 06:07:28 main.go:263: Set config to /etc/otel/collector/splunk-otel-collector.conf
2022/03/18 06:07:28 main.go:346: Set ballast to 168 MiB
2022/03/18 06:07:28 main.go:360: Set memory limit to 460 MiB
Error: failed to get config: cannot retrieve the configuration: unable to parse yaml: yaml: unmarshal errors:
  line 1: cannot unmarshal !!str `SPLUNK_...` into map[string]interface {}
2022/03/18 06:07:28 main.go:130: application run finished with error: failed to get config: cannot retrieve the configuration: unable to parse yaml: yaml: unmarshal errors:
  line 1: cannot unmarshal !!str `SPLUNK_...` into map[string]interface {}
[root@localhost ~]#


[root@localhost ~]# go version
go version go1.18 linux/amd64

 

 

so all the files are in place, they look same as the ones on working system, file is read for sure as SPLUNK_ is the first value in the .conf (just proof that all the values, masked here for security of course, are in place).

 

 

[root@localhost ~]# head /etc/otel/collector/splunk-otel-collector.conf
SPLUNK_CONFIG=/etc/otel/collector/agent_config.yaml
SPLUNK_ACCESS_TOKEN=*******
SPLUNK_REALM=us0
<and so on>

 

 

Any ideas how to overcome mapping those values properly? I dont know if other problems will not show in the next steps but I have to try. I know and acknowledge RHEL6 is not supported but the binary looks like launching and I have high hopes. TIA!

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...