Feature Request: configure splunk-hec via ClusterLogForwarder

Question

Feature Request: configure splunk-hec via ClusterLogForwarder

toastbrotch opened this issue 4 years ago · comments

i've found quite a bunch of documentations where logforwarding to splunk is done via additional fluentd but none how to do this directly. as far as i see the fluend image already contains fluent-plugin-splunk-hec so i request a possiblity to configure it directly via cluster-logging-operator for simplicity and stability. maybe its already possible, but i could not find it. thanx

Christian Heidenreich · Answer 1 · Wed Mar 03 2021 16:29:14 GMT+0800 (China Standard Time)

Hi @toastbrotch. Thanks for reaching out. Have you ever thought about using Splunk Connect for Kubernetes to forward logs to Splunk? It is a component provided and supported by Splunk themselves. We usually encourage everyone to do that instead of using OpenShift Logging. We still think about adding something in the future to cover cases where you send messages to multiple different third party systems, but it's a very low priority for us compared to other things on our backlog.

mr.shintla · Answer 2 · Wed Mar 24 2021 15:36:10 GMT+0800 (China Standard Time)

i've gone the route/hack with another fluentd where i'm able to configure HEC. I don't want thirdparty privileged pods all around the cluster, so "Splunk Connect for Kubernetes" is no option. i'd still prefer a real solution as proposed...

docs i used:
https://www.openshift.com/blog/forwarding-logs-to-splunk-using-the-openshift-log-forwarding-api
https://github.com/sabre1041/openshift-logforwarding-splunk

Valentino Uberti · Answer 3 · Mon Mar 29 2021 21:47:36 GMT+0800 (China Standard Time)

Hi, I need this feature too

Jeff Cantrill · Answer 4 · Wed Jun 16 2021 04:40:15 GMT+0800 (China Standard Time)

Closing in favor of https://issues.redhat.com/browse/LOG-1095