The most major feature of this release is self monitoring of Collectord. With the metrics, published to Splunk from Collectord you can easily monitor performance of the logging pipeline, and Splunk HEC input. We have included a lot of small bug fixes and usability improvements in this release as well.

Collectord Metrics

Collectord publishes metrics for connections to Splunk, how long the requests take, how big is the lag for the events sent in every batch and many more. Now you can easily find if your Splunk HEC is not performant enought for accepting the number of logs sent from your clusters.

To see data on this dashboard, make sure to update your configuration for OpenShift and Kubernetes and include input input.collectord_metrics.

Those metrics also can be exported in Prometheus format. For that you need to enable httpServerBinding under [general] and metrics will be available under path /metrics/prometheus.

More annotations for Prometheus inputs

With annotations for prometheus metrics collecting you can configure caname of the certificate and include various Authorization headers.

New configurations

You can filter host file (input.files and input.journald) logs, include the blacklist and whitelist patterns to reduce the number of logs from chatty hosts.

# Blacklisting and whitelisting the logs
# whitelist = ^regexp$
# blacklist = ^regexp$

Links

You can find more information about other minor updates by following links below.

Release notes

• Monitoring OpenShift - Release notes
• Monitoring Kubernetes - Release notes
• Monitoring Docker - Release notes

Upgrade instructions

• Monitoring OpenShift v5 - Upgrade
• Monitoring Kubernetes v5 - Upgrade
• Monitoring Docker v5 - Upgrade

Installation instructions

• Monitoring OpenShift - Installation
• Monitoring Kubernetes - Installation
• Monitoring Docker - Installation