I found this entry Send Kubernetes pod's logs to Splunk
I was wondering if anyone had a front-to-back example (blog, video, etc.).
I'm used to Kubernetes, but not used to Splunk. I want to deploy something like the fluentbit with fluentd solution or Splunk Connect for Kubernetes. I've done this with other solutions pretty easily (they usually have something simple to deploy into K8s), but working with Splunk is giving me problems.
I'm covering three scenarios here:
- Some things log only to stdout, which fluentbit/fluentd should handle
- Some things log only to file
- I'd like to collect all the Kubernetes events
Right now I'm mostly worried about scenario 1, but I have no control over the pods/containers, the configuration, etc. I have to find a way to do that without changing the Helm charts that are being used for deployment. I put in change requests for #2 to at least get the data into stdout, but that's another battle.
I've tried a bunch of things (links below) but it's just not behaving for me. I was hoping to follow a tutorial step-by-step to get a POC done and then get in and customize it further.
Some stuff I've been reading/watching:
- Most useful one so far: Send Logs to Splunk on Kubernetes using Splunk Forwarder - gets me to the point where I understand I can use the splunk/universalforwarder:latest image to get logs flowing to my Splunk instance
- Deploy Splunk Enterprise on Kubernetes: 1/2/3 - which seemed to get me running my own host and local data just fine, but not what I need
- Videos from Splunk User Groups: 1/2 - again, got Splunk running but doesn't give insight on forwarding data from Kubernetes
- Splunk Forum Posts: 1 - led me to the next one
- Splunk Official GitHub Projects: Splunk Connect for Kubernetes - which I'm just not following for some reason ... but this seems like what I really should be using here
I really think I just need something with more verbose, step-by-step instructions written so a toddler can follow them.
I am going to try Splunk Connect for Kubernetes from scratch again to see if I can figure it out; however, any links to tutorials would be very helpful.
Unfortunately I don't have time to learn Splunk inside-and-out, nor budget to get someone else in to do this.
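Added example for scenario 1 (pods that only log to stdout). This is not the poster's code and not part of Splunk Connect for Kubernetes or Fluent Bit; it reduces what those shippers do on each node to plain stdlib Python so the moving parts are visible: kubelet exposes every container's stdout/stderr as a file under /var/log/containers/ named `<pod>_<namespace>_<container>-<container-id>.log`, each line is in the CRI format `<timestamp> <stdout|stderr> <F|P> <message>`, and Splunk receives batches of JSON events on the HTTP Event Collector (HEC) endpoint `/services/collector/event` with an `Authorization: Splunk <token>` header. The HEC URL and token are assumptions read from environment variables I named `SPLUNK_HEC_URL` and `SPLUNK_HEC_TOKEN`; the log path and log lines below are constructed sample data, not real pod output. Running it with neither variable set only prints the batch it would send.

```python
"""Constructed example: turn a kubelet container log file into Splunk HEC events.

Not the poster's code and not Splunk Connect for Kubernetes; it sketches the per-node
work a fluentbit/fluentd DaemonSet does so the HEC side of the pipeline is visible.
Assumed (not from the original post): SPLUNK_HEC_URL / SPLUNK_HEC_TOKEN environment
variables; the sample path and log lines are constructed.
"""
import json
import os
import re
import urllib.request
from datetime import datetime, timezone

# CRI runtimes write one record per line: <RFC3339 ts> <stdout|stderr> <F|P> <message>
# 'F' = full line, 'P' = partial line that continues in the next record of that stream.
CRI_LINE = re.compile(r"^(\S+) (stdout|stderr) ([FP]) (.*)$")

# kubelet symlinks container logs as
# /var/log/containers/<pod>_<namespace>_<container>-<64-hex container id>.log
CONTAINER_PATH = re.compile(
    r"^.*/(?P<pod>[^_]+)_(?P<namespace>[^_]+)_(?P<container>.+)-(?P<container_id>[0-9a-f]{64})\.log$"
)


def parse_container_path(path):
    """Recover pod/namespace/container metadata from the kubelet log file name."""
    m = CONTAINER_PATH.match(path)
    if not m:
        raise ValueError(f"not a kubelet container log path: {path}")
    return m.groupdict()


def parse_cri_lines(lines):
    """Yield (timestamp, stream, message); partial 'P' records are joined per stream.

    Lines that are not CRI formatted are passed through with timestamp/stream None
    rather than dropped, so nothing silently disappears on the way to Splunk.
    """
    partial = {}  # stream -> (timestamp of first piece, [pieces])
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        m = CRI_LINE.match(line)
        if not m:
            yield None, None, line
            continue
        ts, stream, flag, msg = m.groups()
        first_ts, pieces = partial.setdefault(stream, (ts, []))
        pieces.append(msg)
        if flag == "F":
            del partial[stream]
            yield first_ts, stream, "".join(pieces)
    for stream, (ts, pieces) in partial.items():  # flush anything still open at EOF
        yield ts, stream, "".join(pieces)


def rfc3339_to_epoch(ts):
    """CRI stamps are RFC 3339 with nanoseconds and a trailing 'Z'.

    Returns epoch seconds at microsecond precision, or None when the stamp is
    missing/unparseable so Splunk falls back to the time of receipt.
    """
    if not ts or not ts.endswith("Z"):
        return None
    base, _, frac = ts[:-1].partition(".")
    try:
        dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    micros = int((frac + "000000")[:6]) if frac else 0
    return dt.timestamp() + micros / 1_000_000


def to_hec_events(path, lines, index="main", sourcetype="kube:container", host="node-1"):
    """Build HEC event objects; pod metadata goes into indexed 'fields'."""
    meta = parse_container_path(path)
    events = []
    for ts, stream, msg in parse_cri_lines(lines):
        fields = {k: v for k, v in {**meta, "stream": stream}.items() if v is not None}
        event = {"event": msg, "source": path, "sourcetype": sourcetype,
                 "index": index, "host": host, "fields": fields}
        epoch = rfc3339_to_epoch(ts)
        if epoch is not None:
            event["time"] = round(epoch, 6)
        events.append(event)
    return events


def hec_payload(events):
    """HEC accepts a batch as concatenated JSON objects; newline-separated is conventional."""
    return "\n".join(json.dumps(e, separators=(",", ":")) for e in events).encode()


def send_to_hec(hec_url, token, events, timeout=10):
    """POST one batch to <hec_url>/services/collector/event; returns HEC's JSON reply."""
    req = urllib.request.Request(
        hec_url.rstrip("/") + "/services/collector/event",
        data=hec_payload(events),
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())  # {"text":"Success","code":0} on success


# Constructed sample input (a container id is 64 hex characters).
SAMPLE_PATH = "/var/log/containers/web-7d9f_default_nginx-" + "a" * 64 + ".log"
SAMPLE_LINES = [
    '2024-05-01T12:00:00.500000000Z stdout F 10.0.0.1 - - "GET /healthz HTTP/1.1" 200',
    "2024-05-01T12:00:01.000000000Z stderr P [error] very long line part one, ",
    "2024-05-01T12:00:01.000000010Z stderr F part two",
    "not a cri line at all",
]

if __name__ == "__main__":
    batch = to_hec_events(SAMPLE_PATH, SAMPLE_LINES)
    print(hec_payload(batch).decode())
    url, token = os.environ.get("SPLUNK_HEC_URL"), os.environ.get("SPLUNK_HEC_TOKEN")
    if url and token:  # assumed variables; without them this stays a dry run
        print(send_to_hec(url, token, batch))
```

Splunk Connect for Kubernetes and the Fluent Bit `splunk` output do the same three things (tail the kubelet log files, attach pod metadata, batch to HEC), which is why the only Splunk-side prerequisite for either is a HEC token on an index the token is allowed to write to; if a shipper deploys but nothing arrives, checking that a hand-built batch like the one above is accepted separates a Splunk HEC/index problem from a Kubernetes deployment problem.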