splunkenterprisereceiver

package module
v0.126.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 13, 2025 License: Apache-2.0 Imports: 24 Imported by: 3

README

Splunk Enterprise Receiver

Status
Stability alpha: metrics
Distributions contrib
Issues Open issues Closed issues
Code coverage codecov
Code Owners @shalper2, @MovieStoreGuy, @greatestusername

The Splunk Enterprise Receiver is a pull based tool which enables the ingestion of performance metrics describing the operational status of a user's Splunk Enterprise deployment to an appropriate observability tool. It is designed to leverage several different data sources to gather these metrics including the introspection api endpoint and serializing results from ad-hoc searches. Because of this, care must be taken by users when enabling metrics as running searches can effect your Splunk Enterprise Deployment and introspection may fail to report for Splunk Cloud deployments. The primary purpose of this receiver is to empower those tasked with the maintenance and care of a Splunk Enterprise deployment to leverage opentelemetry and their observability toolset in their jobs.

Configuration

By default the Splunk Enterprise receiver is not configured to gather any metrics other than splunk.health

The following settings are required, omitting them will either cause your receiver to fail to compile or result in 4/5xx return codes during scraping.

NOTE: These must be set for each Splunk instance type (indexer, search head, or cluster master) from which you wish to pull metrics. At present, only one of each type is accepted, per configured receiver instance. This means, for example, that if you have three different "indexer" type instances that you would like to pull metrics from you will need to configure three different splunkenterprise receivers for each indexer node you wish to monitor.

  • basicauth (from basicauthextension): A configured stanza for the basicauthextension.
  • auth (no default): String name referencing your auth extension.
  • endpoint (no default): your Splunk Enterprise host's endpoint.

The following settings are optional:

  • collection_interval (default: 10m): The time between scrape attempts.
  • timeout (default: 60s): The time the scrape function will wait for a response before returning empty.
  • build_version_info (default: false): Elect to run an additional scrape which will retrieve build and version info for the configured endpoints and attach this as attributes to the selected metrics. A value of false will report an empty string as the attribute value but will speed up the receiver slightly.

Example:

extensions:
    basicauth/indexer:
        client_auth:
            username: admin
            password: securityFirst
    basicauth/cluster_master:
        client_auth:
            username: admin
            password: securityFirst

receivers:
    splunkenterprise:
        indexer:
            auth: 
              authenticator: basicauth/indexer
            endpoint: "https://localhost:8089"
            timeout: 45s
        cluster_master:
            auth: 
              authenticator: basicauth/cluster_master
            endpoint: "https://localhost:8089"
            timeout: 45s

exporters:
  debug:
    verbosity: basic

service:
  extensions: [basicauth/indexer, basicauth/cluster_master]
  pipelines:
    metrics:
      receivers: [splunkenterprise]
      exporters: [debug]

For a full list of settings exposed by this receiver please look in config.go with a detailed configuration in testdata/config.yaml.

Documentation

Index

Constants

View Source 
const (
	// StateDone indicates a dispatch state of Done
	StateDone = "DONE"
	// StateFailed indicates a dispatch state of Failed
	StateFailed = "FAILED"
	// StateFinalizing indicates a dispatch state of Finalizing
	StateFinalizing = "FINALIZING"
	// StateParsing indicates a dispatch state of Parsing
	StateParsing = "PARSING"
	// StatePaused indicates a dispatch state of Paused
	StatePaused = "PAUSED"
	// StateQueued indicates a dispatch state of Queued
	StateQueued = "QUEUED"
	// StateRunning indicates a dispatch state of Running
	StateRunning = "RUNNING"
	// ControlError indicates a dispatch state of Error
	ControlError = "CONTROL_ERROR"
)

Variables

This section is empty.

Functions

func NewFactory 

func NewFactory() receiver.Factory

Types

type Config 

type Config struct {
	scraperhelper.ControllerConfig `mapstructure:",squash"`
	metadata.MetricsBuilderConfig  `mapstructure:",squash"`
	IdxEndpoint                    confighttp.ClientConfig `mapstructure:"indexer"`
	SHEndpoint                     confighttp.ClientConfig `mapstructure:"search_head"`
	CMEndpoint                     confighttp.ClientConfig `mapstructure:"cluster_master"`
	VersionInfo                    bool                    `mapstructure:"build_version_info"`
}

func (*Config) Validate 

func (cfg *Config) Validate() (errors error)

type Info added in v0.124.0 

type Info struct {
	Host    string      `json:"origin"`
	Entries []infoEntry `json:"entry"`
}

'/services/server/info'

Source Files

View all Source files

Directories

Path Synopsis
internal
metadata

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.