-1

I am using Amazon EKS and I have a server (consider it as X) which is connected to the control node using kubectl.

I am able to get the pod logs from the server X by running the following command: `kubectl logs -f podname -n=namespace`

Now my goal is to send these pod logs to Splunk, for which I am using splunk-connect-for-kubernetes.

But as per the configuration in the values.yaml file, Kubernetes logs are forwarded to Splunk instead of the pod logs.

I would specifically like to send the pod logs i.e. my application logs to the Splunk. Is there any way to achieve this?

Shreeya Patel
  • As per the `splunk-connect-for-kubernetes` documentation `Splunk Connect for Kubernetes also supports importing and searching your container logs on AWS ECS and AWS Fargate using firelens.` Did you validate it? – Bimal Apr 09 '20 at 21:01

1 Answer

4

One of the options you have is to make use of a fluentd and fluentbit combination to read the logs and send them to Splunk.

Bimal
  • Is there any documentation available which shows the whole process? I don't see any documentation on the internet which shows the steps for my requirement. – Shreeya Patel Apr 10 '20 at 19:19
  • You can find a lot online. Basically, you will have fluentbit as a ds on all nodes and one fluentd pod to send the logs to Splunk. – Bimal Apr 12 '20 at 17:43
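
The layout described in the answer and its last comment, as an added example that is not part of the original posts: a Fluent Bit DaemonSet config that tails only one namespace's container logs and forwards them to a single Fluentd pod, which sends them to Splunk HEC. The `logging` and `my-namespace` namespaces, the `fluentd-aggregator` service, the Splunk host, the index and the `SPLUNK_HEC_TOKEN` variable are assumed names, and the Fluentd image is assumed to have `fluent-plugin-splunk-hec` installed.

```yaml
# Added example; every name and host below is an assumed placeholder.
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-config        # mounted by the Fluent Bit DaemonSet
  namespace: logging
data:
  fluent-bit.conf: |
    [SERVICE]
        # Assumes the parsers.conf shipped with the Fluent Bit image is available.
        Parsers_File  parsers.conf
    [INPUT]
        Name    tail
        # Container log files are named <pod>_<namespace>_<container>-<id>.log,
        # so this glob selects application pods in "my-namespace" only.
        Path    /var/log/containers/*_my-namespace_*.log
        # Use the cri parser instead on containerd-based nodes.
        Parser  docker
        Tag     kube.*
    [FILTER]
        # Adds pod name, namespace and labels to each record.
        Name       kubernetes
        Match      kube.*
        Merge_Log  On
    [OUTPUT]
        Name   forward
        Match  kube.*
        Host   fluentd-aggregator.logging.svc
        Port   24224
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluentd-config           # mounted by the single Fluentd pod
  namespace: logging
data:
  fluent.conf: |
    <source>
      @type forward
      bind 0.0.0.0
      port 24224
    </source>
    <match kube.**>
      @type splunk_hec
      hec_host splunk.example.com
      hec_port 8088
      # Read the HEC token from an env var backed by a Kubernetes Secret,
      # not from this ConfigMap.
      hec_token "#{ENV['SPLUNK_HEC_TOKEN']}"
      index app_logs
    </match>
```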