Alternate deployment options for the OpenTelemetry Collector on non-Kubernetes, non-Helm platforms

The following minimum versions are required for an OpenTelemetry collector deployed on a non-Kubernetes, non-Helm platform:

  • Splunk Distribution of OpenTelemetry Collector v0.119.0

  • Community (OSS) version of the OpenTelemetry Collector v0.119.0

  1. Deploy the Splunk Distribution of OpenTelemetry Collector:
  2. Add settings to the collector configuration to support Secure Application.

    Follow the instructions below that match the host or container platform that you deployed the collector on.

Modify a collector that’s deployed in agent mode

Set up a new logs pipeline containing a routing connector and an exporter for Secure Application logs.

In agent mode the collector sends telemetry directly to Splunk Observability Cloud.

Tip: The default configuration file for the collector in agent mode is agent_config.yaml
Note: These steps are written for the Splunk Distribution of OpenTelemetry Collector. If you deployed the community (OSS) version of OpenTelemetry collector, modify the steps and settings as needed.
  1. Locate the YAML file that contains the configuration for the collector in agent mode:
    • For Linux, the default location is /etc/otel/collector/agent_config.yaml
    • For Windows, the default location is \ProgramData\Splunk\OpenTelemetry Collector\agent_config.yaml
  2. Edit the YAML file to add sections for routing connector, pipeline and exporter components for receiving and exporting Secure Application data to the Splunk Observability Cloud backend:
    1. Add a routing connector named routing/logs:
      YAML 
      connectors:
  routing/logs:
    default_pipelines: [logs]
    table:
      - context: log
        condition: instrumentation_scope.name == "secureapp"
        pipelines: [logs/secureapp]
    2. Add an exporter for Secure Application data:
      YAML 
      exporters:
  ...
  otlphttp/secureapp:
    logs_endpoint: "${SPLUNK_INGEST_URL}/v3/event"
    headers:
      "X-SF-TOKEN": "${SPLUNK_ACCESS_TOKEN}"
      "X-Splunk-Instrumentation-Library": secureapp
    3. Add a logs pipeline named logs/secureapp for handling Secure Application logs data
      YAML 
      service:
  pipelines:
    ...
    logs/split:
      receivers: [otlp]
      exporters: [routing/logs]
    logs/secureapp:
      receivers: [routing/logs]
      processors: [memory_limiter, batch]
      exporters: [otlphttp/secureapp]
  3. Restart your collector.

Modify a collector that's deployed in gateway mode

Set up a new logs pipeline containing a routing connector and an exporter for Secure Application logs.

In gateway mode the collector sends telemetry directly to Splunk Observability Cloud.

Tip: The default configuration file for the collector in gateway mode is gateway_config.yaml
Note: These steps are written for the Splunk Distribution of OpenTelemetry Collector. If you deployed the community (OSS) version of OpenTelemetry collector, modify the steps and settings as needed.
  1. Locate the YAML file that contains the configuration for the collector in agent mode:

    • For Linux, the default location is /etc/otel/collector/gateway_config.yaml

    • For Windows, the default location is\ProgramData\Splunk\OpenTelemetry Collector\gateway_config.yaml

  2. Edit the YAML file to add sections for routing connector, pipeline and exporter components for receiving and exporting Secure Application data to the Splunk Observability Cloud backend:
    1. Add a routing connector named routing/logs:
      YAML 
      connectors:
  routing/logs:
    default_pipelines: [logs]
    table:
	  ...
      - context: log
        condition: instrumentation_scope.name == "secureapp"
        pipelines: [logs/secureapp]
    2. Add an exporter for Secure Application data:
      YAML 
      exporters:
  ...
  otlphttp/secureapp:
    logs_endpoint: "${SPLUNK_INGEST_URL}/v3/event"
    headers:
      "X-SF-TOKEN": "${SPLUNK_ACCESS_TOKEN}"
      "X-Splunk-Instrumentation-Library": secureapp
    3. Add a logs pipeline named logs/secureapp for handling Secure Application logs data:
      YAML 
      service:
  pipelines:
    ...
    logs/split:
      receivers: [otlp]
      exporters: [routing/logs]
    logs/secureapp:
      receivers: [routing/logs]
      processors: [memory_limiter, batch]
      exporters: [otlphttp/secureapp]
  3. Restart your collector.

Modify a deployment consisting of both agent and gateway collectors

In this mode, collectors in agent mode send data to a central collector running in gateway mode, while collectors in gateway mode send data to Splunk Observability Cloud.

  1. Edit the default configuration file for the collector in agent mode, agent_config.yaml to use otlp/gateway as the exporter in the pipelines shown below.
    YAML 
    service:
  pipelines:
    ...
    logs:
      receivers: [fluentforward, otlp]
      processors:
      - memory_limiter
      - batch
      - resourcedetection
      #- resource/add_environment
      # exporters: [splunk_hec, splunk_hec/profiling]
      # Use this exporter when sending to gateway
      exporters: [otlp/gateway]
  2. Restart your collector.