Configuration
collectorforkubernetes.yaml
To find server version of your Kubernetes cluster use
$ kubectl version
Match the server version with one of the links below.
Configuration files for previous releases of Collectord deployment files you can find at github.com/outcoldsolutions/collectord-configurations
Created Kubernetes Objects
Configuration file collectorforkubernetes.yaml creates several Kubernetes Objects.
Namespacecollectorforkubernetes.ClusterRolecollectorforkuberneteswith limited capabilities toget,listandwatchdeployed objects. Collector uses this information to enrich logs and stats with Kubernetes specific metadata.ServiceAccountcollectorforkubernetesis used to connect to Kubernetes API.ClusterRoleBindingcollectorforkubernetesto bind a service account to a cluster role.ConfigMapcollectorforkubernetesdelivers configuration files for collector.DaemonSetcollectorforkubernetesallows to deploy collector on none-master nodes.DaemonSetcollectorforkubernetes-masterallows to deploy collector on master nodes.Deploymentcollectorforkubernetes-addonis a single collector that needs to forward data from the whole cluster once.
Read commentaries in the collectorforkubernetes.yaml file to get more deep details on all configurations and source of the logs and metrics.
Collector configuration
ConfigMap collectorforkubernetes delivers configuration files for collector.
These are ini files, where you can find all the default values.
Values can be overridden using environment values with the format as specified below
COLLECTOR__{ANY_NAME}={section}__{key}={value}
Configurations with environment variables are the simplest way to explore and debug quickly, but we recommend
to write your configuration file based on the default provided with collectorforkubernetes.yaml.
Using secrets to manage configurations
You can use Kubernetes secrets and map them as an environment variable to override configurations for the collector.
As an example, we will show how you can configure HTTP Event Collector and License with secrets.
At first, make sure that collectorforkubernetes namespace already exists. If it does not exist, you need to create it.
kubectl create namespace collectorforkubernetes
kubectl create secret generic collectorforkubernetes \ --namespace collectorforkubernetes \ --from-literal=splunk-token="output.splunk__token=B5A79AAD-D822-46CC-80D1-819F80D7BFB0" \ --from-literal=license="general__license="
In our YAML manifest find a configuration of environment variables for each Deployment type (2 DaemonSets and 1 Deployment) and add following the information to the environment variables
env: - name: COLLECTOR__SPLUNK_TOKEN valueFrom: secretKeyRef: name: collectorforkubernetes key: splunk-token - name: COLLECTOR__LICENSE valueFrom: secretKeyRef: name: collectorforkubernetes key: license
Apply the manifest by following installation instructions.
Attaching EC2 Metadata
You can include EC2 metadata with the forwarded data (logs and metrics) by specifying desired field name and path from Instance Metadata and User Data.
# Include EC2 Metadata (see list of possible fields https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) # Should be in format ec2Metadata.{desired_field_name} = {url path to read the value} # ec2Metadata.ec2_instance_id = /latest/meta-data/instance-id # ec2Metadata.ec2_instance_type = /latest/meta-data/instance-type
As an example, you can modify YAML file and include two fields ec2_instance_id and ec2_instance_type
[general] ... ec2Metadata.ec2_instance_id = /latest/meta-data/instance-id ec2Metadata.ec2_instance_type = /latest/meta-data/instance-type ...
Placeholders in indexes and sources
You can apply dynamic index names in the configurations to forward logs or stats to a specific index, based on the meta fields. For example, you can define an index as
[input.files] index = oc_{{kubernetes_namespace}}
Similarly you can change the source of all the forwarded logs like
[input.files] source = /{{kubernetes_namespace}}/{{::coalesce(kubernetes_daemonset_name, kubernetes_deployment_name, kubernetes_statefulset_name, kubernetes_cronjob_name, kubernetes_job_name, kubernetes_replicaset_name, kubernetes_pod_name)}}/{{kubernetes_pod_name}}/{{kubernetes_container_name}}
Links
-
Installation
- Start monitoring your Kubernetes environments in under 10 minutes.
- Automatically forward host, container and application logs.
- Test our solution with the embedded 30 days evaluation license.
-
Collector Configuration
- Collector configuration reference.
-
Annotations
- Changing index, source, sourcetype for namespaces, workloads and pods.
- Forwarding application logs.
- Multi-line container logs.
- Fields extraction for application and container logs (including timestamp extractions).
- Hiding sensitive data, stripping terminal escape codes and colors.
- Forwarding Prometheus metrics from Pods.
-
Audit Logs
- Configure audit logs.
- Forwarding audit logs.
-
Prometheus metrics
- Collect metrics from control plane (etcd cluster, API server, kubelet, scheduler, controller).
- Configure collector to forward metrics from the services in Prometheus format.
-
Configuring Splunk Indexes
- Using not default HTTP Event Collector index.
- Configure the Splunk application to use not searchable by default indexes.
-
Splunk fields extraction for container logs
- Configure search-time fields extractions for container logs.
- Container logs source pattern.
-
Configurations for Splunk HTTP Event Collector
- Configure multiple HTTP Event Collector endpoints for Load Balancing and Fail-overs.
- Secure HTTP Event Collector endpoint.
- Configure the Proxy for HTTP Event Collector endpoint.
-
Monitoring multiple clusters
- Learn how you can monitor multiple clusters.
- Learn how to set up ACL in Splunk.
-
Streaming Kubernetes Objects from the API Server
- Learn how you can stream all changes from the Kubernetes API Server.
- Stream changes and objects from Kubernetes API Server, including Pods, Deployments or ConfigMaps.
-
License Server
- Learn how you can configure remote License URL for Collectord.
- Monitoring GPU
- Alerts
- Troubleshooting
- Release History
- Upgrade instructions
- Security
- FAQ and the common questions
- License agreement
- Pricing
- Contact
