Splunk Heavy or Universal Forwarders (TCP) Source


Use Observability Pipelines’ Splunk Heavy and Universal Forwarders (TCP) source to receive logs sent by your Splunk forwarders. Select and set up this source when you set up a pipeline.

Prerequisites

To use Observability Pipelines’ Splunk TCP source, you have a Splunk Enterprise or Cloud instance alongside either a Splunk Universal Forwarder or a Splunk Heavy Forwarder routing data to your Splunk instance. You also have the following information available:

  • The bind address that your Observability Pipelines Worker will listen on to receive logs from your applications. For example, 0.0.0.0:8088. Later on, you configure your applications to send logs to this address.
  • The appropriate TLS certificates and the password you used to create your private key if your forwarders are globally configured to enable SSL.

See Deploy a Universal Forwarder or Deploy a Heavy Forwarder for more information on Splunk forwarders.

Set up the source in the pipeline UI

Select and set up this source when you set up a pipeline. The information below is for the source settings in the pipeline UI.

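Optionally, click the toggle to enable TLS. If you enable TLS, the following certificate and key files are required:

  • Server Certificate Path: The path to the certificate file that has been signed by your Certificate Authority (CA) root file, in DER or PEM (X.509) format.
  • CA Certificate Path: The path to the certificate file that is your Certificate Authority (CA) root file, in DER or PEM (X.509) format.
  • Private Key Path: The path to the .key private key file that belongs to your Server Certificate Path, in DER or PEM (PKCS#8) format.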

Connect Splunk Forwarder to the Observability Pipelines Worker

To forward your logs to the Worker, add the following configuration to your Splunk Heavy/Universal Forwarder’s etc/system/local/outputs.conf and replace <OPW_HOST> with the IP/URL of the host (or load balancer) associated with the Observability Pipelines Worker:

[tcpout]
compressed=false
sendCookedData=false
defaultGroup=opw

[tcpout:opw]
server=<OPW_HOST>:8099

<OPW_HOST> is the IP/URL of the host (or load balancer) associated with the Observability Pipelines Worker. For CloudFormation installs, the LoadBalancerDNS CloudFormation output has the correct URL to use. For Kubernetes installs, the internal DNS record of the Observability Pipelines Worker service can be used. For example: opw-observability-pipelines-worker.default.svc.cluster.local.
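
To check a forwarder's outputs.conf against the settings above before restarting the forwarder, a small linter can help. This is an added example, not Datadog's or Splunk's code; the function name check_outputs_conf and the host name opw.example.internal are made up, and the check requires compressed and sendCookedData to be set explicitly, as they are on this page.

```python
import configparser

# Constructed sample: this page's stanzas with <OPW_HOST> replaced by a
# made-up host name.
SAMPLE_OK = """\
[tcpout]
compressed=false
sendCookedData=false
defaultGroup=opw

[tcpout:opw]
server=opw.example.internal:8099
"""

def check_outputs_conf(text):
    """Return a list of problems in outputs.conf text (empty list = OK)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(text)
    if not cp.has_section("tcpout"):
        return ["missing [tcpout] stanza"]
    problems = []
    groups = [g.strip() for g in cp["tcpout"].get("defaultGroup", "").split(",") if g.strip()]
    if not groups:
        problems.append("[tcpout] defaultGroup is not set")
    for group in groups:
        stanza = f"tcpout:{group}"
        if not cp.has_section(stanza):
            problems.append(f"defaultGroup names {group} but [{stanza}] is missing")
            continue
        for key in ("compressed", "sendCookedData"):
            # A group stanza overrides [tcpout], so check the effective value.
            value = cp[stanza].get(key, cp["tcpout"].get(key, "unset")).strip().lower()
            if value != "false":
                problems.append(f"{key} must be false for group {group}, found {value}")
        servers = [s.strip() for s in cp[stanza].get("server", "").split(",") if s.strip()]
        if not servers:
            problems.append(f"[{stanza}] has no server setting")
        for server in servers:
            host, _, port = server.rpartition(":")
            if "<" in server or ">" in server:
                problems.append(f"[{stanza}] server still has a placeholder: {server}")
            elif not host or not port.isdigit() or not 0 < int(port) < 65536:
                problems.append(f"[{stanza}] server is not host:port: {server}")
    return problems

if __name__ == "__main__":
    print(check_outputs_conf(SAMPLE_OK) or "outputs.conf matches the settings on this page")
```
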

At this point, your logs should be going to the Worker, where they are processed by the pipeline and delivered to the configured destination.