Fluentd-Splunk on Kubernetes
Send Kubernetes logs to Splunk using Fluentd
Before you start
Download the project
curl -L https://github.com/apprenda/fluentd-splunk/archive/v0.1.tar.gz | tar -xz
Create config-map for fluentd.conf
Modify fluentd.conf with custom <source> definitions if needed.
kubectl create configmap fluentd-config --from-file=fluentd.conf --namespace=kube-system
Create secret with the Splunk HEC configuration for fluentd.conf
kubectl --namespace kube-system create secret generic splunk-config \
  --from-literal=hec-token="$HEC_TOKEN" \
  --from-literal=hec-address="$HEC_ADDRESS" \
  --from-literal=hec-protocol="$HEC_PROTOCOL" \
  --from-literal=hec-verify-tls="$HEC_VERIFY_TLS" \
  --from-literal=hec-index="$HEC_INDEX"
HEC_TOKEN: a unique token generated by Splunk
HEC_ADDRESS: Do not include the protocol. i.e. 10.0.0.5:8088
HEC_PROTOCOL: https or http
HEC_VERIFY_TLS: set to false if using self-signed cert
HEC_INDEX: index configured in HEC
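A pre-flight check for the HEC_* values described above, to run before creating the splunk-config secret. This is an added example, not part of the fluentd-splunk project: the function name check_hec_config, its return codes and the sample values are constructed, and it assumes that true is the verifying value of HEC_VERIFY_TLS.

```shell
# Added example (hypothetical helper, not part of fluentd-splunk).
# Return status: 0 = values look fine, 1 = missing or malformed value,
# 2 = usable, but transport security is weakened (http or TLS checks off).
check_hec_config() {
    _hec_rc=0

    # Every key stored in the splunk-config secret needs a non-empty value.
    for _hec_name in HEC_TOKEN HEC_ADDRESS HEC_PROTOCOL HEC_VERIFY_TLS HEC_INDEX; do
        eval "_hec_val=\${$_hec_name:-}"
        if [ -z "$_hec_val" ]; then
            echo "ERROR: $_hec_name is empty or unset" >&2
            _hec_rc=1
        fi
    done

    # HEC_ADDRESS carries host:port only; the scheme belongs in HEC_PROTOCOL.
    case "${HEC_ADDRESS:-}" in
        *://*) echo "ERROR: HEC_ADDRESS must not include the protocol" >&2; _hec_rc=1 ;;
        */*|*" "*) echo "ERROR: HEC_ADDRESS must be host:port only" >&2; _hec_rc=1 ;;
    esac

    # Plain http works, but the token then crosses the network in the clear.
    case "${HEC_PROTOCOL:-}" in
        https) ;;
        http)
            echo "WARN: http sends the HEC token and log data unencrypted" >&2
            if [ "$_hec_rc" -eq 0 ]; then _hec_rc=2; fi ;;
        *) echo "ERROR: HEC_PROTOCOL must be https or http" >&2; _hec_rc=1 ;;
    esac

    # Assumption: "true" is the verifying value; the README only names "false".
    case "${HEC_VERIFY_TLS:-}" in
        true) ;;
        false)
            echo "WARN: TLS certificate checks are off; the HEC endpoint is not authenticated" >&2
            if [ "$_hec_rc" -eq 0 ]; then _hec_rc=2; fi ;;
        *) echo "ERROR: HEC_VERIFY_TLS must be true or false" >&2; _hec_rc=1 ;;
    esac
    return "$_hec_rc"
}

# Constructed sample values (not real credentials), checked in a subshell.
(
    HEC_TOKEN=00000000-0000-0000-0000-000000000000 HEC_ADDRESS=10.0.0.5:8088
    HEC_PROTOCOL=https HEC_VERIFY_TLS=false HEC_INDEX=main
    check_hec_config; echo "status: $?"
)
```

A status of 2 is a prompt to replace the self-signed certificate or switch to https before the DaemonSet starts shipping logs, not a hard failure.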
Deploy Daemonset
kubectl apply -f kubernetes/fluentd-splunk.yaml