openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-06 06:46:26 +01:00
Code Issues Releases Activity
Files
dcaa2136b2dfcd94d38d794cd8ba756c19f1af49
openshift-docs/modules/logging-forward-splunk.adoc
abrennan89 e86dbf29e3 OBSDOCS-206: Clean up log forwarding docs
2023-09-18 20:13:40 +00:00

62 lines
2.0 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
// * logging/log_collection_forwarding/log-forwarding.adoc
:_content-type: PROCEDURE
[id="logging-forward-splunk_{context}"]
= Forwarding logs to Splunk
You can forward logs to the link:https://docs.splunk.com/Documentation/Splunk/9.0.0/Data/UsetheHTTPEventCollector[Splunk HTTP Event Collector (HEC)] in addition to, or instead of, the internal default {product-title} log store.
[NOTE]
====
Using this feature with Fluentd is not supported.
====
.Prerequisites
* Red Hat OpenShift Logging Operator 5.6 and higher
* ClusterLogging instance with vector specified as collector
* Base64 encoded Splunk HEC token
.Procedure
. Create a secret using your Base64 encoded Splunk HEC token.
+
[source,terminal]
----
$ oc -n openshift-logging create secret generic vector-splunk-secret --from-literal hecToken=<HEC_Token>
----
+
. Create or edit the `ClusterLogForwarder` Custom Resource (CR) using the template below:
+
[source,yaml]
----
apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogForwarder"
metadata:
name: "instance" <1>
namespace: "openshift-logging" <2>
spec:
outputs:
- name: splunk-receiver <3>
secret:
name: vector-splunk-secret <4>
type: splunk <5>
url: <http://your.splunk.hec.url:8088> <6>
pipelines: <7>
- inputRefs:
- application
- infrastructure
name: <8>
outputRefs:
- splunk-receiver <9>
----
<1> The name of the ClusterLogForwarder CR must be `instance`.
<2> The namespace for the ClusterLogForwarder CR must be `openshift-logging`.
<3> Specify a name for the output.
<4> Specify the name of the secret that contains your HEC token.
<5> Specify the output type as `splunk`.
<6> Specify the URL (including port) of your Splunk HEC.
<7> Specify which log types to forward by using the pipeline: `application`, `infrastructure`, or `audit`.
<8> Optional: Specify a name for the pipeline.
<9> Specify the name of the output to use when forwarding logs with this pipeline.
View Git Blame Copy Permalink