How to send logs to Splunk from OpenShift

Solution Verified - Updated -

Environment

  • OpenShift Container Platform
    • 3.3
    • 3.4
    • 3.5

Issue

How to use rsyslog to send logs from OpenShift to Splunk.

Resolution

For 3.4 and later, see the documentation:
https://docs.openshift.com/container-platform/3.4/install_config/aggregate_logging.html

Specifically, see the section titled:

Configuring Fluentd to Send Logs to an External Log Aggregator

Splunk integration with Fluentd could be achieved with something like:
https://github.com/parolkar/fluent-plugin-splunk

Root Cause

For versions earlier than 3.4:
We do not support integrating OpenShift logging with Splunk. It would require an additional plugin. There is an existing RFE that the Engineering team is working on.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.