Goals

• Provide a new output option to forward logs to Splunk.

Motivation

Usually, we recommend to use Splunk Connect for Kubernetes but some customers have requirements to send logs to multiple, different systems including Splunk. For these use cases, they'd like to avoid deploying multiple different "Agents" and want to use our supported solution instead.

Acceptance Criteria

• Verify ClusterLogForwarder defines API for forwarding to splunk
• Verify collector deployments of Vector deliver logs to a spec'd splunk service
• Verify normalized messages adhere to the viaq data model ??

Risk and Assumptions

• Risk Splunk may require alternate normalization; this may be no more challenging then syslog

Documentation Considerations

• Update matrix of supported output types with the version against which we tested
• Updated API reference documentation
• [rkratky] Document a story/proc to set up log forwarding to Splunk
• [cbremble] https://docs.google.com/document/d/1LxdPFZdXCwX2BX4DABwZVOqzUNe_YYV8oLPKyFwcfRY/edit

Open Questions

• How can we test either a functional or integration test?
• Are there mocking services we can use similar to Cloudwatch
• What credentials are required to authenticate with the service.