splunkenterprisereceiver

package module
v0.99.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 22, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

README

Splunk Enterprise Receiver

The Splunk Enterprise Receiver is a pull based tool which enables the ingestion of performance metrics describing the operational status of a user's Splunk Enterprise deployment to an appropriate observability tool. It is designed to leverage several different data sources to gather these metrics including the introspection api endpoint and serializing results from ad-hoc searches. Because of this, care must be taken by users when enabling metrics as running searches can effect your Splunk Enterprise Deployment and introspection may fail to report for Splunk Cloud deployments. The primary purpose of this receiver is to empower those tasked with the maintenance and care of a Splunk Enterprise deployment to leverage opentelemetry and their observability toolset in their jobs.

Configuration

The following settings are required, omitting them will either cause your receiver to fail to compile or result in 4/5xx return codes during scraping.

NOTE: These must be set for each Splunk instance type (indexer, search head, or cluster master) from which you wish to pull metrics. At present, only one of each type is accepted, per configured receiver instance. This means, for example, that if you have three different "indexer" type instances that you would like to pull metrics from you will need to configure three different splunkenterprise receivers for each indexer node you wish to monitor.

  • basicauth (from basicauthextension): A configured stanza for the basicauthextension.
  • auth (no default): String name referencing your auth extension.
  • endpoint (no default): your Splunk Enterprise host's endpoint.

The following settings are optional:

  • collection_interval (default: 10m): The time between scrape attempts.
  • timeout (default: 60s): The time the scrape function will wait for a response before returning empty.

Example:

extensions:
    basicauth/indexer:
        client_auth:
            username: admin
            password: securityFirst
    basicauth/cluster_master:
        client_auth:
            username: admin
            password: securityFirst

receivers:
    splunkenterprise:
        indexer:
            auth: 
              authenticator: basicauth/indexer
            endpoint: "https://localhost:8089"
            timeout: 45s
        cluster_master:
            auth: 
              authenticator: basicauth/cluster_master
            endpoint: "https://localhost:8089"
            timeout: 45s

exporters:
  logging:
    loglevel: info

service:
  extensions: [basicauth/indexer, basicauth/cluster_master]
  pipelines:
    metrics:
      receivers: [splunkenterprise]
      exporters: [logging]

For a full list of settings exposed by this receiver please look here with a detailed configuration here.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewFactory 

func NewFactory() receiver.Factory

Types

type Config 

type Config struct {
	scraperhelper.ControllerConfig `mapstructure:",squash"`
	metadata.MetricsBuilderConfig  `mapstructure:",squash"`
	IdxEndpoint                    confighttp.ClientConfig `mapstructure:"indexer"`
	SHEndpoint                     confighttp.ClientConfig `mapstructure:"search_head"`
	CMEndpoint                     confighttp.ClientConfig `mapstructure:"cluster_master"`
}

func (*Config) Validate 

func (cfg *Config) Validate() (errors error)

type IdxEBucketDirs added in v0.87.0 

type IdxEBucketDirs struct {
	Cold   IdxEBucketDirsDetails `json:"cold"`
	Home   IdxEBucketDirsDetails `json:"home"`
	Thawed IdxEBucketDirsDetails `json:"thawed"`
}

type IdxEBucketDirsDetails added in v0.87.0 

type IdxEBucketDirsDetails struct {
	Capacity        string `json:"capacity"`
	EventCount      string `json:"event_count"`
	EventMaxTime    string `json:"event_max_time"`
	EventMinTime    string `json:"event_min_time"`
	HotBucketCount  string `json:"hot_bucket_count"`
	WarmBucketCount string `json:"warm_bucket_count"`
	WarmBucketSize  string `json:"warm_bucket_size"`
}

type IdxEContent added in v0.87.0 

type IdxEContent struct {
	TotalBucketCount string         `json:"total_bucket_count"`
	TotalEventCount  int            `json:"totalEventCount"`
	TotalSize        string         `json:"total_size"`
	TotalRawSize     string         `json:"total_raw_size"`
	BucketDirs       IdxEBucketDirs `json:"bucket_dirs"`
}

type IdxEEntry added in v0.87.0 

type IdxEEntry struct {
	Name    string      `json:"name"`
	Content IdxEContent `json:"content"`
}

type IdxQContent added in v0.87.0 

type IdxQContent struct {
	CurrentSize      int `json:"current_size"`
	CurrentSizeBytes int `json:"current_size_bytes"`
	LargestSize      int `json:"largest_size"`
	MaxSizeBytes     int `json:"max_size_bytes"`
}

type IndexesExtended added in v0.87.0 

type IndexesExtended struct {
	Entries []IdxEEntry `json:"entry"`
}

'/services/data/indexes-extended'

type IntrQEntry added in v0.87.0 

type IntrQEntry struct {
	Name    string      `json:"name"`
	Content IdxQContent `json:"content"`
}

type IntrospectionQueues added in v0.87.0 

type IntrospectionQueues struct {
	Entries []IntrQEntry `json:"entry"`
}

'/services/server/introspection/queues'

Source Files

View all Source files

Directories

Path Synopsis
internal
metadata

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.