Splunk Observability Cloud
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Otel Chart Values.yaml for sending Otel Gateway logs to Splunk

PhuN
Explorer
‎02-28-2024 03:48 PM

how do we enable Otel gateway logs to flow through to Splunk.

 

Even when we use the values.yaml settings noted here, we don't see any logs from the gateway: 

https://github.com/signalfx/splunk-otel-collector-chart/blob/main/examples/collector-gateway-only/co...

 

We're looking to get the gateway logs to get a better understanding of the health of the gateway 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

maulikp
Splunk Employee
Splunk Employee
‎02-29-2024 09:01 AM

Great! In that case, you can update the existing values.yaml file with following, and redeploy the helm chart:

 

Once you redeploy your helm chart with above changes,

  • You will have gateway running as part of helm chart
  • OTEL agents logs will be collected via daemonset and sent to your backend.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

maulikp
Splunk Employee
Splunk Employee
‎02-28-2024 05:35 PM

You need to include agent logs, and that will collect daemonset, clusterReceiver and gateway logs, you can configure it using this option - https://github.com/signalfx/splunk-otel-collector-chart/blob/main/helm-charts/splunk-otel-collector/...

0 Karma
Reply
Solved! Jump to solution

PhuN
Explorer
‎02-29-2024 08:05 AM

can you provide an example values.yaml with what you have in mind? 

Are you saying it should be this code below? if so, this yaml seems to output gateway logs but its not getting picked up and sent through to splunk.

clusterName: CHANGEME
splunkObservability:
  realm: CHANGEME
  accessToken: CHANGEME

gateway:
  enabled: true
  replicaCount: 1
  resources:
    limits:
      cpu: 2
      memory: 4Gi
agent:
  enabled: false
clusterReceiver:
  enabled: false
logsCollection:
  containers:
    excludeAgentLogs: false

 

0 Karma
Reply
Solved! Jump to solution

maulikp
Splunk Employee
Splunk Employee
‎02-29-2024 08:50 AM

Sorry, I don't have a values.yaml file tailored for your use case. The values.yaml file you shared will only to setup a gateway on K8s cluster, which will not solve the problem you are looking to solve.

Let me ask you this, have you already installed Splunk OTEL helm chart on your K8s cluster, which is already running Daemonset and collecting logs?

0 Karma
Reply
Solved! Jump to solution

PhuN
Explorer
‎02-29-2024 08:54 AM

Yes the Splunk Otel helm chart is already on our K8 cluster and already collecting logs from all agents 

 

0 Karma
Reply
Solved! Jump to solution
Solution

maulikp
Splunk Employee
Splunk Employee
‎02-29-2024 09:01 AM

Great! In that case, you can update the existing values.yaml file with following, and redeploy the helm chart:

 

Once you redeploy your helm chart with above changes,

  • You will have gateway running as part of helm chart
  • OTEL agents logs will be collected via daemonset and sent to your backend.
0 Karma
Reply
Solved! Jump to solution

PhuN
Explorer
‎02-29-2024 10:13 AM

@maulikp Thanks. We're able to confirm gateway logs are now flowing through splunk now by searching for pod names that contain the word gateway
k8s.pod.name=*gateway* 

 

thank you very much

Phu

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
li.common.scroll-to.top