Offloading analytics data to Splunk HEC exporter
Configure the DataPower Interact Gateway Collector to export telemetry data to Splunk HTTP Event Collector (HEC) for centralized logging and analysis.
Before you begin
Make sure
- you have a valid Splunk HEC token.
- you have the Splunk HEC endpoint URL.
- you have the Splunk index name where the offloaded Analytics data need to be stored.
About this task
The Splunk HEC exporter sends traces, logs, and metrics from the DataPower Interact Gateway Collector to your Splunk instance for monitoring and analysis.
Procedure
-
Identify the namespace where the collector is deployed.
kubectl get nsSample output:
NAME STATUS AGE default Active 5h6m fyre-ci-293280 Active 5h2mNote: Lists all namespaces and their deployments, including the DataPower Interact Gateway. In this example,fyre-ci-293280is the namespace in which the DataPower Interact Gateway is deployed. -
Create a Kubernetes secret containing the Splunk HEC configuration.
kubectl create secret generic splunk-credentials \ --from-literal=SPLUNK_HEC_TOKEN='YOUR_HEC_TOKEN' \ --from-literal=SPLUNK_HEC_ENDPOINT='https://splunk.example.com:8088/services/collector' \ --from-literal=SPLUNK_INDEX='main' \ -n <namespace>Important: ReplaceYOUR_HEC_TOKEN,https://splunk.example.com:8088/services/collector, andmainwith your actual Splunk HEC token, endpoint, and index name.Output:
secret/splunk-credentials created -
Verify that the secret was created successfully.
kubectl get secret splunk-credentials -n <namespace> -
Identify the collector deployment.
kubectl get deployment -n <namespace> | grep collectorSample output:
idig-nanogw-nanogw-analytics-collector 1/1 1 1 5h -
Edit the collector deployment to inject the secret as environment variables.
kubectl edit deployment <deployment_name> -n <namespace>-
Locate the
containerssection for theanalytics-collectorcontainer. -
Add the following
envFromsection under the container definition:envFrom: - secretRef: name: splunk-credentialsSample deployment configuration:apiVersion: apps/v1 kind: Deployment metadata: name: idig-nanogw-nanogw-analytics-collector namespace: <namespace> spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: nanogw-analytics-collector template: metadata: labels: app.kubernetes.io/name: nanogw-analytics-collector spec: containers: - name: analytics-collector image: your-image:tag envFrom: - secretRef: name: splunk-credentials - Save and exit the editor.
-
Locate the
-
Identify the collector ConfigMap.
kubectl get configmap -n <namespace> | grep collectorSample output:
idig-nanogw-collector-config 1 5h11m -
Edit the collector ConfigMap to add the Splunk HEC exporter configuration.
kubectl edit configmap <configmap_name> -n <namespace>-
Add the following exporter configuration under the
exporterssection:exporters: splunk_hec: token: '${SPLUNK_HEC_TOKEN}' endpoint: '${SPLUNK_HEC_ENDPOINT}' source: 'otel' sourcetype: 'otel' index: '${SPLUNK_INDEX}' tls: insecure_skip_verify: false -
Update the service pipelines to include the Splunk HEC exporter:
service: pipelines: traces/splunk: receivers: [otlp] processors: [batch/apic] exporters: [splunk_hec] logs/splunk: receivers: [otlp] processors: [batch/apic] exporters: [splunk_hec] metrics/splunk: receivers: [otlp] processors: [batch/apic] exporters: [splunk_hec] -
Save the ConfigMap.
Example ConfigMap structure:
apiVersion: v1 kind: ConfigMap metadata: name: idig-nanogw-collector-config namespace: <namespace> data: config.yaml: | receivers: ... processors: batch/apic: ... exporters: splunk_hec: token: '${SPLUNK_HEC_TOKEN}' endpoint: '${SPLUNK_HEC_ENDPOINT}' source: 'otel' sourcetype: 'otel' index: '${SPLUNK_INDEX}' tls: insecure_skip_verify: false service: pipelines: traces/splunk: receivers: [otlp] processors: [batch/apic] exporters: [splunk_hec] logs/splunk: receivers: [otlp] processors: [batch/apic] exporters: [splunk_hec] metrics/splunk: receivers: [otlp] processors: [batch/apic] exporters: [splunk_hec]
-
Add the following exporter configuration under the
-
Restart the collector deployment to apply the changes.
kubectl rollout restart deployment <deployment_name> -n <namespace>Sample output:
deployment.apps/idig-nanogw-nanogw-analytics-collector restarted -
Verify that the collector pods restart successfully.
kubectl get pods -n <namespace> | grep collectorSample output:
idig-nanogw-nanogw-analytics-collector-7d4f8ccf45-bk468 1/1 Running 0 30sThe OpenTelemetry Collector is now configured to export telemetry data to Splunk HEC. Traces, logs, and metrics will be sent to your Splunk instance for analysis and monitoring.