×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Suchita1
Observer
Member since: ‎03-23-2023
‎04-05-2023
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-23-2023
View All

Re: OpenShift Log Forwarding to Splunk

by in Dashboards & Visualizations
‎04-04-2023 10:01 PM
‎04-04-2023 10:01 PM
Please provide steps to apply ssl certs for splunk.. ... View more

Re: OpenShift Log Forwarding to Splunk

by in Dashboards & Visualizations
‎03-24-2023 04:52 AM
‎03-24-2023 04:52 AM
$ sudo netstat -lnpt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:9997 0.0.0.0:* LISTEN 114868/splunkd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 991/sshd tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 114868/splunkd tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN 114868/splunkd tcp 0 0 0.0.0.0:8191 0.0.0.0:* LISTEN 114889/mongod tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 114868/splunkd tcp 0 0 127.0.0.1:8065 0.0.0.0:* LISTEN 114963/python3.7 tcp6 0 0 :::22 :::* LISTEN 991/sshd   I have updated port from 8000 to 8088 $ curl -v https://splunk-hec.amosirelanddev.amosonline.io:8088/services/collector * Trying 176.34.143.107... * TCP_NODELAY set * Connected to splunk-hec.amosirelanddev.amosonline.io (176.34.143.107) port 8088 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: self signed certificate in certificate chain * Closing connection 0 curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.   It seams certs are not valid. Could you send me procedure how to update certs for splunk. ... View more

Re: OpenShift Log Forwarding to Splunk

by in Dashboards & Visualizations
‎03-23-2023 05:14 AM
‎03-23-2023 05:14 AM
Yes, I tried to execute below curl command curl http://splunk-hec.amosirelanddev.amosonline.io:8000/en-GB/services/collector/event -d '{"event": "hello world"}' curl http://splunk-hec.amosirelanddev.amosonline.io:8000/services/collector/event -d '{"event": "hello world"}' but getting 303 Page not found! Error. ... View more

OpenShift Log Forwarding to Splunk?

by in Dashboards & Visualizations
‎03-23-2023 02:50 AM
‎03-23-2023 02:50 AM
We are using OpenShift 4.11.27 and now looking for OpenShift Log Forwarding to Splunk.   Did below changes at OpenShift end to configure splunk:   Installed cluster-logging and elasticsearch-operator into OpenShift. $ oc get csv -n openshift-logging NAME                                     DISPLAY                            VERSION   REPLACES                                       PHASE cluster-logging.v5.6.3                   Red Hat OpenShift Logging          5.6.3     cluster-logging.v5.6.2                         Succeeded elasticsearch-operator.v5.6.3            OpenShift Elasticsearch Operator   5.6.3     elasticsearch-operator.v5.6.2                  Succeeded   Created secret vector-splunk-secret using below command: $ oc -n openshift-logging create secret generic vector-splunk-secret --from-literal hecToken=<HEC_Token>   We have create clusterlogforwarders as below: ---   apiVersion: "logging.openshift.io/v1"   kind: "ClusterLogForwarder"   metadata:     name: "instance"     namespace: "openshift-logging"   spec:     outputs:       - name: splunk-receiver         secret:           name: vector-splunk-secret         type: splunk         url: http://splunk-hec.amosirelanddev.amosonline.io:8000     pipelines:       - inputRefs:           - application           - infrastructure         name:         outputRefs:           - splunk-receiver   Updated cluster logging operator as it was using fluentd so replaced fluentd with vector: $ oc edit ClusterLogging instance -n openshift-logging   Splunk Setup changes: Splunk installation on VM done with below steps: wget https://download.splunk.com/products/splunk/releases/8.0.4/linux/splunk-8.0.4-767223ac207f-linux-2.6-x86_64.rpm sudo rpm -ivh splunk-8.0.4-767223ac207f-linux-2.6-x86_64.rpm Two indexes created. Create new index as per below list. Settings > Indexes > New Index openshift (events) openshift-matrix (matix)   Enabling HEC token - Enable HEC (HTTP Event Collector), Settings > Data Inputs > HTTP Event Collector > Global Settings > Default Index as “Default” > Save Create HEC token - Create new HEC token, Settings > Data inputs > HTTP Event Collector > New Token > Name as “openshift” > Next (Input Settings, add allowed indexes like below” > Review > Submit. Note the Token Value, we going to use this for next step.   We are trying to search from New Search “index= openshift” but not getting any result.            Where we can see the logs on Splunk dashboard or if we are missing something then please let us know.   Regards, Suchita Deshmukh ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-05-2023 08:31 AM