docker run -it -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_PASSWORD=splunkdev --platform=linux/amd64 -p 8000:8000 -p 8088:8088 splunk/splunk:latest start
Go to localhost:8000 and log in as admin with the password splunkdev.
The Splunk image above is only available for amd64 architectures. To run it on M1 Macs, enable Rosetta emulation in the Docker Desktop settings.
In your Kubernetes cluster, deploy the Splunk OTEL collector, which will send the logs from the cluster to Splunk. The collector can be deployed via Helm or via an operator. To deploy via Helm, run the script below:
#!/usr/bin/env bash
helm repo add splunk-otel-collector-chart https://signalfx.github.io/splunk-otel-collector-chart
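# use host.docker.internal if running on a local kind kubernetes cluster
splunkEndpoint="https://host.docker.internal:8088"
# replace with the HTTP Event Collector token generated in your Splunk instance
httpCollectorToken="4e7042cf-3dbb-4b47-8c92-338f35833cd1"
# insecureSkipVerify=true below disables TLS certificate verification of the HEC endpoint;
# keep it to local test setups like this one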
helm install my-splunk-otel-collector \
--set="splunkPlatform.endpoint=${splunkEndpoint}/services/collector,splunkPlatform.token=${httpCollectorToken},splunkPlatform.metricsIndex=kubernetes,splunkPlatform.index=main,clusterName=platform,splunkPlatform.insecureSkipVerify=true" \
splunk-otel-collector-chart/splunk-otel-collector
Replace the httpCollectorToken with the token for your collector. To generate the token, go to http://localhost:8000/en-US/manager/search/adddatamethods/selectsource?input_mode=1 and select "HTTP Event Collector"; follow the steps to create a new collector, then replace the token in the script with the one that you generated.
To view the Kratix logs in Splunk, go to Search and search for k8s.cluster.name="platform"
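A pre-flight check for the Helm step above, as an added example that is not part of the original page: it rejects an unreplaced or malformed token, turns on insecureSkipVerify only for local endpoints, and sends one test event to the HTTP Event Collector. The function names and the SPLUNK_HEC_TOKEN variable are assumptions of this example, as is the GUID format check, which matches tokens generated through the Splunk UI.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Function names and SPLUNK_HEC_TOKEN are assumptions.

# Tokens generated through the Splunk UI are GUIDs; reject anything else (assumption of this check).
valid_hec_token() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print "true" only for local endpoints like the ones this page uses; everything else keeps TLS verification.
skip_verify_for() {
  case "$1" in
    *@*) echo false ;;  # userinfo in the URL can disguise the real host
    https://localhost:*|https://127.0.0.1:*|https://host.docker.internal:*) echo true ;;
    *) echo false ;;
  esac
}

# Build the --set string with the same chart values as the script above.
collector_set_args() {
  local endpoint="$1" token="$2"
  valid_hec_token "$token" || { echo "HEC token is not a GUID" >&2; return 1; }
  printf '%s' "splunkPlatform.endpoint=${endpoint}/services/collector,splunkPlatform.token=${token},splunkPlatform.metricsIndex=kubernetes,splunkPlatform.index=main,clusterName=platform,splunkPlatform.insecureSkipVerify=$(skip_verify_for "$endpoint")"
}

# Send one test event to HEC; Splunk replies {"text":"Success","code":0} when the token is accepted.
hec_smoke_test() {
  local endpoint="$1" token="$2" insecure=""
  if [ "$(skip_verify_for "$endpoint")" = "true" ]; then insecure="-k"; fi
  curl -sS $insecure "${endpoint}/services/collector/event" \
    -H "Authorization: Splunk ${token}" \
    -d '{"event": "hec smoke test"}'
}

# Usage, with the token read from the environment instead of being stored in the script:
#   hec_smoke_test https://localhost:8088 "$SPLUNK_HEC_TOKEN"
#   helm install my-splunk-otel-collector \
#     --set="$(collector_set_args https://host.docker.internal:8088 "$SPLUNK_HEC_TOKEN")" \
#     splunk-otel-collector-chart/splunk-otel-collector
```

Run the smoke test from the host against localhost:8088; the collector inside a kind cluster reaches the same port through host.docker.internal.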