Kubernetes events
Use this Splunk Observability Cloud integration for the Kubernetes events monitor. See benefits, install, configuration, and metrics
The Splunk Distribution of OpenTelemetry Collector uses the Smart Agent receiver with the
kubernetes-events monitor type to listen for Kubernetes events. The
integration calls the Kubernetes API running on manager nodes, and sends
Kubernetes events into Splunk Observability Cloud as Infrastructure
Monitoring events through the OpenTelemetry pipeline.
After it starts, the Kubernetes events monitor type sends all of the
events that Kubernetes has that are still persisted, and any new events
as they come in. The various agents decide which instance will lead and
sends event. If alwaysClusterReporter is set to true, every node
emits the same data, and there is no additional querying of the manager
node.
This monitor type is available on Kubernetes, Linux, and Windows.
Benefits
Configure the integration to access these features:
-
View events. You can create your own custom dashboards, and most monitors provide built-in dashboards as well. For information about dashboards, see View dashboards in Splunk Observability Cloud.
-
View a data-driven visualization of the physical servers, virtual machines, AWS instances, and other resources in your environment that are visible to Infrastructure Monitoring. For information about navigators, see Use navigators in Splunk Infrastructure Monitoring.
Installation
Follow these steps to deploy this integration:
-
Deploy the Splunk Distribution of the OpenTelemetry Collector to your host or container platform:
-
Configure the integration, as described in the Configuration section.
-
Restart the Splunk Distribution of the OpenTelemetry Collector.
Deploy with Helm
To activate this monitor with the Helm chart, include this argument with the helm install command:
-set splunkObservability.infrastructureMonitoringEventsEnabled='true'Deploy without Helm
To deploy without Helm, include the following in the OTel configuration:
processors:
resource/add_event_k8s:
attributes:
- action: insert
key: kubernetes_cluster
value: CHANGEME
receivers:
smartagent/kubernetes-events:
type: kubernetes-events
alwaysClusterReporter: true
service:
pipelines:
logs/events:
exporters:
- signalfx
processors:
- memory_limiter
- batch
- resourcedetection
- resource/add_event_k8s
receivers:
- smartagent/kubernetes-eventsConfiguration
To use this integration of a Smart Agent monitor with the Collector:
-
Include the Smart Agent receiver in your configuration file.
-
Add the monitor type to the Collector configuration, both in the receiver and pipelines sections.
-
See how to Use Smart Agent monitors with the Collector.
-
See how to set up the Smart Agent receiver.
-
For a list of common configuration options, refer to Common configuration settings for monitors.
-
Learn more about the Collector at Get started: Understand and use the Collector.
-
Example
To activate this integration, add the following to your Collector configuration:
receivers:
smartagent/kubernetes-events:
type: kubernetes-events
... # Additional configNext, add the monitor to the service.pipelines.metrics.receivers
section of your configuration file:
services:
logs/events:
receivers:
- smartagent/kubernetes-eventsLastly, configure which events to send. You can see the types of events happening in your cluster with the following command:
kubectl get events -o yaml --all-namespacesTo send all events, set the option _sendAllEvents to true in
your values.yaml, and remove the whitelistedEvents option.
Reason (Started, Created, Scheduled) and
Kind (Pod, ReplicaSet, Deployment…) to select which events to send.Specify a single reason and involveObjectKind individually for each event rule you want to allow.
Events are placed in the
whitelistedEventsconfiguration option as a list of events you want to send.Event names match the reason name.
Configuration settings
|
Option |
Required |
Type |
Description |
|---|---|---|---|
|
|
no |
|
Configuration of the Kubernetes API client. |
|
|
no |
| A list of event types to send events for. Only events matching these items will be sent. |
|
|
no |
| Whether to always send events from this agent instance or to do leader election to only send from one agent instance.
Default is |
The nested kubernetesAPI config object has the following fields:
|
Option |
Required |
Type |
Description |
|---|---|---|---|
|
|
no |
| To authenticate to the K8s API server: - none for noauthentication. - |
|
|
no |
| Whether to skip verifying the TLS certificate from the API server. Almost never needed. Default is |
|
|
no |
| The path to the TLS client certificate on the pod’s filesystem, if using |
|
|
no |
| The path to the TLS client key on the pod’s filesystem, if using
|
|
|
no |
| Path to a CA certificate to use when verifying the API server TLS certificate. Generally this is provided by K8s alongside the service account token, which will be picked up automatically, so this should rarely be necessary to specify. |
The nested whitelistedEvents configuration object has the
following fields:
|
Option |
Required |
Type |
|---|---|---|
|
|
no |
|
|
|
no |
|
Example YAML configuration:
receivers:
smartagent/kubernetes-events:
type: kubernetes-events
whitelistedEvents:
- reason: Created
involvedObjectKind: Pod
- reason: SuccessfulCreate
involvedObjectKind: ReplicaSetTroubleshooting
If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.
Available to Splunk Observability Cloud customers
-
Submit a case in the Splunk Support Portal.
-
Contact Splunk Support.
Available to prospective customers and free trial users
-
Ask a question and get answers through community support at Splunk Answers.
-
Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups.