Uploaded image for project: 'Observability and Data Analysis Program'
  1. Observability and Data Analysis Program
  2. OBSDA-85

Support Splunk as output for ClusterLogForwarder

XMLWordPrintable

    • False
    • False
    • SRES-Arch
    • Undefined

      Goals

      • Provide a new output option to forward logs to Splunk.

      Non-Goals

      Motivation

      Usually, we recommend to use Splunk Connect for Kubernetes but some customers have requirements to send logs to multiple, different systems including Splunk. For these use cases, they'd like to avoid deploying multiple different "Agents" and want to use our supported solution instead.

      Alternatives

      For forwarding logs only to Splunk, users should use Splunk Connect for Kubernetes.

      Acceptance Criteria

      Risk and Assumptions

      Documentation Considerations

      Open Questions

      Additional Notes

      Original Request =========================================
      Proposed title of this feature request

      Support Splunk as output for ClusterLogForwarder

       

      What is the nature and description of the request?

      Splunk is one of the big players in logging management and nowadays there's no direct support to it in ClusterLogForwarder.

       

      Why does the customer need this?

      Customer has a mix of external Elasticsearch and Splunk clusters and would like to send the logs directly from Fluentd to it using HEC via the fluent-plugin-splunk-hec plugin, which is already present in the redhat fluentd image used on OCP4.

       

      They're aware of valid solutions like setting an external Fluentd and forward the logs from there to Splunk, but considering how popular is Splunk makes sense to make it a supported ouptut.

       

      List any affected packages or components.

      Cluster Logging

            rh-ee-rfloren Roger Florén
            sgarciam@redhat.com Sergio Garcia Martinez
            Votes:
            33 Vote for this issue
            Watchers:
            57 Start watching this issue

              Created:
              Updated:
              Resolved: