Feat/splunk distribution poc #232

Closed
kylehounslow wants to merge 3 commits into opensearch-project:main from kylehounslow:feat/splunk-distribution-poc

@kylehounslow
Collaborator

Description

Describe what this change achieves.

Issues Resolved

List any issues this PR will resolve, e.g. Closes [...].

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Local POC overlay that inserts Splunk's OTel Collector distribution as a tee
in front of the base otel-collector. Demo apps send OTLP to splunk-otel-collector
(redirected via OTEL_COLLECTOR_HOST override), which fans out to:
  - Splunk Observability Cloud (APM via otlphttp, IM via signalfx, Log Observer via splunk_hec)
  - base otel-collector -> Data Prepper -> OpenSearch (unchanged existing path)

Purpose: ground-truth what Splunk Observability Cloud accepts from otel-demo so we
can make informed decisions about compat overlay receiver scope (signalfxreceiver,
zipkinreceiver) and the 'drop-in for Splunk Observability Cloud' framing.

Files:
  - docker-compose.splunk-demo.yml: compose overlay adding splunk-otel-collector service
  - docker-compose/splunk-otel-collector/config.yaml: container-friendly Splunk collector config
    (trimmed from Splunk's agent_config.yaml — host-level receivers and smartagent extensions
    removed; OTLP-only receivers; tee exporter to base otel-collector:4317)
  - docker-compose/splunk-otel-collector/README.md: how to run and verify
  - .env.splunk-poc.example: credential + demo-redirect template
  - .gitignore: ignore the real .env.splunk-poc

Not a production configuration. Local exploration only.

Signed-off-by: Kyle Hounslow <kylhouns@amazon.com>

.env.splunk-poc now sets INCLUDE_COMPOSE_OTEL_DEMO so the otel-demo overlay is
pulled in automatically via the base compose's include directive. Run command
drops from three -f flags to two.

Also switches README example from 'docker compose' to 'finch compose' to match
the project's default container runtime.

Signed-off-by: Kyle Hounslow <kylhouns@amazon.com>

Applies technical-writing.md and otel-contrib-pr-rubric.md:
- README: strip narrative prose, us-vs-them framing, and AI-tone defensives;
  drop docker commands in favor of the finch path users actually run.
- README: document finch's --env-file substitution limitation explicitly
  (cannot feed ${VAR} expansion in compose files) and show the working
  append-and-restore workflow.
- README: add real validation caveat for splunk_hec 404 on /v1/log with the
  access token reused as HEC token; note logs still land in OpenSearch.
- config.yaml: terse header, one-line comments per exporter, no rationale
  prose.
- docker-compose.splunk-demo.yml: two-line header, one-line port comment.
- .env.splunk-poc.example: remove explanatory prose, leave only locations
  and required vars.

No behavioral changes.

Signed-off-by: Kyle Hounslow <kylhouns@amazon.com>