Monitoring OpenShift
Forward OpenShift logs, metrics, and events to Splunk.
Stream container logs, metadata-enriched metrics, audit logs, and OpenShift events from any cluster. Red Hat–certified images included.
Installation
Set up Splunk app, HEC, and deploy collectord
Concepts
What Collectord does, the data model, and how configuration layers
Configuration
Deployment files for docker.io and RHEL images
Annotations
Control index routing, log discovery, and forwarding per pod
Annotations reference
Full list of every annotation grouped by datatype
Audit logs
Enable and forward OpenShift audit logs
Prometheus metrics
Scrape metrics from control plane and applications
Splunk indexes
Split logs and metrics into separate Splunk indexes
Splunk field extraction
Define search-time field extraction rules for container logs
Splunk HTTP Event Collector
Configure SSL and connection settings for Splunk HEC
Multiple clusters
Identify and differentiate multiple clusters in Splunk
Object streaming
Stream live OpenShift object changes to Splunk
License server
Distribute license keys across clusters from a central URL
GPU monitoring
Collect Nvidia GPU metrics via nvidia-smi DaemonSet
Alerts
Predefined alerts for license, health, restarts, and OOM kills
Troubleshooting
Verify configuration, check pod status, and diagnose issues
Release history
Changelog of all collectord and Splunk app releases
Upgrade
Step-by-step version upgrade instructions
Security
Image security, container privileges, and RBAC access model