Offloading analytics data to Splunk HEC exporter

Configure the DataPower Interact Gateway Collector to export telemetry data to Splunk HTTP Event Collector (HEC) for centralized logging and analysis.

Before you begin

Make sure that you have the following items:

  • A valid Splunk HEC token.
  • The Splunk HEC endpoint URL.
  • The name of the Splunk index where the offloaded analytics data is to be stored.

About this task

The Splunk HEC exporter sends traces, logs, and metrics from the DataPower Interact Gateway Collector to your Splunk instance for monitoring and analysis.

Procedure

  1. Identify the namespace where the collector is deployed.
    kubectl get ns

    Sample output:

    NAME                    STATUS   AGE
    default                 Active   5h6m
    fyre-ci-293280          Active   5h2m
    Note: The command lists all namespaces in the cluster. In this example, fyre-ci-293280 is the namespace in which the DataPower Interact Gateway is deployed.
  2. Create a Kubernetes secret containing the Splunk HEC configuration.
    kubectl create secret generic splunk-credentials \
      --from-literal=SPLUNK_HEC_TOKEN='YOUR_HEC_TOKEN' \
      --from-literal=SPLUNK_HEC_ENDPOINT='https://splunk.example.com:8088/services/collector' \
      --from-literal=SPLUNK_INDEX='main' \
      -n <namespace>
    Important: Replace YOUR_HEC_TOKEN, https://splunk.example.com:8088/services/collector, and main with your actual Splunk HEC token, endpoint, and index name.

    Output:

    secret/splunk-credentials created
  3. Verify that the secret was created successfully.
    kubectl get secret splunk-credentials -n <namespace>
  4. Identify the collector deployment.
    kubectl get deployment -n <namespace> | grep collector

    Sample output:

    idig-nanogw-nanogw-analytics-collector   1/1     1     1     5h
  5. Edit the collector deployment to inject the secret as environment variables.
    kubectl edit deployment <deployment_name> -n <namespace>
    1. Locate the containers section for the analytics-collector container.
    2. Add the following envFrom section under the container definition:
      envFrom:
        - secretRef:
            name: splunk-credentials

      Sample deployment configuration:

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: idig-nanogw-nanogw-analytics-collector
        namespace: <namespace>
      spec:
        replicas: 1
        selector:
          matchLabels:
            app.kubernetes.io/name: nanogw-analytics-collector
        template:
          metadata:
            labels:
              app.kubernetes.io/name: nanogw-analytics-collector
          spec:
            containers:
            - name: analytics-collector
              image: your-image:tag
              envFrom:
              - secretRef:
                  name: splunk-credentials
    3. Save and exit the editor.
  6. Identify the collector ConfigMap.
    kubectl get configmap -n <namespace> | grep collector

    Sample output:

    idig-nanogw-collector-config                       1      5h11m
  7. Edit the collector ConfigMap to add the Splunk HEC exporter configuration.
    kubectl edit configmap <configmap_name> -n <namespace>
    1. Add the following exporter configuration under the exporters section:
      exporters:
        splunk_hec:
          token: '${SPLUNK_HEC_TOKEN}'
          endpoint: '${SPLUNK_HEC_ENDPOINT}'
          source: 'otel'
          sourcetype: 'otel'
          index: '${SPLUNK_INDEX}'
          tls:
            insecure_skip_verify: false
    2. Update the service pipelines to include the Splunk HEC exporter:
      service:
        pipelines:
          traces/splunk:
            receivers: [otlp]
            processors: [batch/apic]
            exporters: [splunk_hec]
      
          logs/splunk:
            receivers: [otlp]
            processors: [batch/apic]
            exporters: [splunk_hec]
      
          metrics/splunk:
            receivers: [otlp]
            processors: [batch/apic]
            exporters: [splunk_hec]
    3. Save the ConfigMap.

      Example ConfigMap structure:

      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: idig-nanogw-collector-config
        namespace: <namespace>
      data:
        config.yaml: |
          receivers:
            ...
      
          processors:
            batch/apic:
              ...
      
          exporters:
            splunk_hec:
              token: '${SPLUNK_HEC_TOKEN}'
              endpoint: '${SPLUNK_HEC_ENDPOINT}'
              source: 'otel'
              sourcetype: 'otel'
              index: '${SPLUNK_INDEX}'
              tls:
                insecure_skip_verify: false
      
          service:
            pipelines:
              traces/splunk:
                receivers: [otlp]
                processors: [batch/apic]
                exporters: [splunk_hec]
      
              logs/splunk:
                receivers: [otlp]
                processors: [batch/apic]
                exporters: [splunk_hec]
      
              metrics/splunk:
                receivers: [otlp]
                processors: [batch/apic]
                exporters: [splunk_hec]
  8. Restart the collector deployment to apply the changes.
    kubectl rollout restart deployment <deployment_name> -n <namespace>

    Sample output:

    deployment.apps/idig-nanogw-nanogw-analytics-collector restarted
  9. Verify that the collector pods restart successfully.
    kubectl get pods -n <namespace> | grep collector

    Sample output:

    idig-nanogw-nanogw-analytics-collector-7d4f8ccf45-bk468   1/1   Running   0   30s

    The OpenTelemetry Collector is now configured to export telemetry data to Splunk HEC. Traces, logs, and metrics will be sent to your Splunk instance for analysis and monitoring.
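
The following check is an added example and is not part of the product documentation. It lints a collector configuration for the splunk_hec settings used in step 7: a token written as a literal instead of a reference to the secret, a plain-HTTP endpoint, disabled certificate verification, and an exporter that no pipeline references. The names lint_splunk_hec and weak_config are hypothetical, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example, not part of the product documentation.
# lint_splunk_hec (hypothetical helper) reads collector YAML on stdin, prints
# one FINDING line per problem, and returns non-zero if there is any finding.
lint_splunk_hec() {
  awk -v q="'" '
    function indent(s, t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
    function value(s) {            # text after "key:", quotes and padding removed
      sub(/^[^:]*: */, "", s); gsub("[\"" q "]", "", s); sub(/ +$/, "", s); return s
    }
    function bad(msg) { print "FINDING: " msg; n++ }
    /^ *$/ { next }
    { ind = indent($0) }
    inblk && ind <= blk { inblk = 0 }        # a dedent closes the splunk_hec block
    /^ *splunk_hec: *$/ { inblk = 1; blk = ind; seen = 1; next }
    inblk && /^ *token:/ && value($0) !~ /^[$][{][A-Za-z_][A-Za-z0-9_]*[}]$/ {
      bad("token is a literal value; reference the secret as ${SPLUNK_HEC_TOKEN}") }
    inblk && /^ *endpoint:/ && value($0) ~ /^http:/ {
      bad("endpoint uses plain http; the HEC token would cross the network unencrypted") }
    inblk && /^ *insecure_skip_verify:/ && value($0) == "true" {
      bad("insecure_skip_verify is true; the Splunk certificate is not validated") }
    /exporters: *\[.*splunk_hec/ { used = 1 }
    END {
      if (!seen) bad("no splunk_hec exporter is defined")
      if (seen && !used) bad("splunk_hec is defined but no pipeline exports to it")
      exit (n > 0)
    }'
}

# Constructed sample: a weakened variant of the exporter block from step 7.
weak_config() {
  cat <<'EOF'
exporters:
  splunk_hec:
    token: '00000000-0000-0000-0000-000000000000'
    endpoint: 'http://splunk.example.com:8088/services/collector'
    index: '${SPLUNK_INDEX}'
    tls:
      insecure_skip_verify: true
service:
  pipelines:
    logs/splunk:
      exporters: [splunk_hec]
EOF
}

weak_config | lint_splunk_hec || echo "collector config needs attention"
```

To check the deployed configuration, pipe the output of kubectl get configmap <configmap_name> -n <namespace> -o jsonpath='{.data.config\.yaml}' into lint_splunk_hec. An endpoint supplied through ${SPLUNK_HEC_ENDPOINT} is not visible to this check, so confirm separately that the value stored in the secret starts with https://.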