Published 2021-03-18

Splunk on Kubernetes clusters using Cluster Profiles

Senior Software Engineer @ Spectro Cloud

Splunk integration in Spectro Cloud

Splunk helps search, analyze, and visualize machine-generated data from different sources (websites, applications, sensors, and other devices) and could be an insightful tool to help troubleshoot issues quickly. On Kubernetes platforms, even administrators without a tremendous amount of Kubernetes experience can use Splunk to help troubleshoot applications deployed on the platform.

In this blog, let's look into the following use cases:

  • How Splunk can be integrated into Kubernetes clusters provisioned by Spectro Cloud, and

  • How to use Splunk for troubleshooting.

Before we dive into the integration steps, here is a quick overview of the Splunk plugin architecture:

The Splunk Connect for Kubernetes plugin forwards the following data from Kubernetes clusters to Splunk:

  • Logs,

  • Metrics, and

  • Objects.

This plugin leverages the components:

Splunk Connect for Kubernetes | Architecture

Before you begin with the integration, the following prerequisites are required on the Splunk side:

  • Use Splunk Enterprise 7.0 or later / Splunk Cloud,

  • Set up an HTTP Event Collector in Splunk, and

  • Have a minimum of two Splunk indexes ready to collect the data.

Deploying Splunk plugin on Kubernetes Cluster

For deploying the Splunk plugin on a Kubernetes cluster provisioned by Spectro Cloud, follow the steps below:

  1. Spectro Cloud provides a declarative model for Kubernetes infrastructure layers, called a cluster profile. When creating your cluster profile, select Logging layer > Splunk Connect for Kubernetes.

  2. Choose the desired version of the Splunk chart to deploy on the cluster.

  3. Update the chart values with your Splunk config details accordingly.

  4. Finish the cluster profile.

  5. For new clusters, choose the profile which has Splunk integration in the cluster provisioning wizard.

  6. For existing clusters, once you add Splunk integration to the profile, clusters will show an update notification. Apply the notification for the Splunk Connect for Kubernetes plugin to be deployed on the cluster.

Splunk logging layer in a Spectro Cloud Cluster Profile

Splunk Connect for Kubernetes | Helm chart values
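
As an added illustration of step 3 (not taken from the original post or from Spectro Cloud's pack), the values below use the key names of the upstream Splunk Connect for Kubernetes Helm chart. The host, token, cluster name and index names are constructed placeholders, and the assumption is that the pack exposes the chart values with the same keys; it may nest them differently.

```yaml
# Added example: HEC connection and per-component settings for the SCK chart.
# Host, token, cluster name and index names are constructed placeholders.
global:
  splunk:
    hec:
      host: splunk-hec.example.com      # placeholder HTTP Event Collector endpoint
      port: 8088
      protocol: https                   # http would send the token and logs in clear text
      token: "<HEC-TOKEN-PLACEHOLDER>"  # supply at deploy time; keep real tokens out of version control
      insecureSSL: false                # true skips certificate verification of the HEC endpoint
      indexName: k8s_events             # default events index (placeholder name)
  kubernetes:
    clusterName: demo-cluster           # placeholder; identifies the source cluster in Splunk

splunk-kubernetes-logging:
  enabled: true                         # container logs -> events index

splunk-kubernetes-objects:
  enabled: true                         # Kubernetes API objects -> events index
  objects:
    core:
      v1:
        - name: pods
        - name: events
          mode: watch

splunk-kubernetes-metrics:
  enabled: true
  splunk:
    hec:
      indexName: k8s_metrics            # separate metrics-type index (placeholder name)
```

Events and metrics go to separate indexes here, in line with the two-index prerequisite above.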

Once deployed, you’ll see the following Splunk related deployments running in the Kubernetes cluster.

SCK plugin components on a Kubernetes cluster

And within a few seconds, you’ll see all the logs and other information from your Kubernetes cluster in Splunk:

From here on, you can use Splunk’s native features to troubleshoot issues quickly. For example, to look up all the logs from the pods in a specific namespace over the last 15 minutes, you could use the search feature to filter the information.

Likewise, to find HTTP 404 (Not Found) errors that occurred in the last hour, you could run a wildcard search as shown below. In this example, Splunk will match all the index data that includes 404 patterns.

These tools in Splunk allow platform administrators to quickly troubleshoot issues, even when they don’t have much knowledge of what each of the different applications deployed on the Kubernetes cluster does.

Search is just one feature of Splunk. You could also set up alerts to be triggered for specific conditions, generate reports for analytics, and do much more with the Splunk integration. One more noteworthy aspect of Splunk is third-party app integrations. There are many apps that provide default search patterns and fancy visualizations to make application troubleshooting a cakewalk.

Author Bio
Boobalan is a passionate software engineer having core expertise in design and development of enterprise software products. Besides work, he enjoys playing volleyball and cooking.
