Duplicate logs when “splunk.com/sourcetype” annotation added to pod #1960
Unanswered
margamraviteja asked this question in Q&A
Replies: 0 comments
I’m using splunk otel collector version 0.124.0. Initially I see logs in Splunk with the default sourcetype=“kube:container:container-name”. As per the docs, adding the “splunk.com/sourcetype” annotation to a pod can change the default source type. Before adding the annotation I don’t see any duplicate logs. After adding the annotation, I see logs, one with source=“kubernetes” and the other with source=“/var/log/pods/”. I used to see only logs with source=“/var/log/pods/” and source type=“kube:container:container-name”. Now I see duplicate logs with the same sourcetype, changed as per the annotation, but different sources like kubernetes or /var/log/pods/*. Can someone help me?