Skip to content

Enable sending internal logs from other Splunk servers #87

Open
@justinrush

Description

@justinrush

My use case for using the operator is to hold _internal logs for my existing Splunk cluster. The operator creates a service for all the ports on the indexer cluster, but creating an ingress for the s2s port seems to result in splunkd on external boxes trying to connect directly to the IP, which obviously won't work as it is an L7 load balancer. I created a service for the s2s port and exposed with a L4 LB - its not that hard to manually create that service, but it would be great if there was a way to do that with the CRDs.

Exposing it with an L4 allowed me to edit outputs.conf on other Splunk servers to send _internal logs over, but the service is stomping on the host attribute and that host attribute is set to whatever indexer receives the logs. Not sure why that is.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions