Install the Splunk Add-on for OpenTelemetry Collector

Install the Splunk Add-on for OpenTelemetry Collector.

This topic explains how to download the add-on and install it to a single or to multiple universal forwarder instances.

Tip: Alternatively, you can install and configure the add-on using a customized or third-party solution, such as Ansible or Terraform.

Prerequisites

Before you install this add-on, you must have the following Splunk products installed and configured:

Splunk Universal Forwarder version 8.x, 9.x or 10.x on Linux or Windows: This add-on is installed alongside your Splunk Universal Forwarders to push collected data to Splunk Observability Cloud.
Splunk Observability Cloud: This add-on sends data to Splunk Observability Cloud. See Get started with the Splunk Distribution of the OpenTelemetry Collector and Collector requirements for more information on how to prepare your Splunk Observability Cloud instance.
(Optional) Install the Deployment Server if you plan to use it to push this add-on to multiple hosts.

Download the add-on

Download the Splunk Add-on for OpenTelemetry Collector from Splunkbase onto the machine running the universal forwarder:

Splunk Add-on for OpenTelemetry Collector includes the collector for both Linux and Windows in the same package.
To save space you can use the platform specific packages:
- Splunk Add-On for OpenTelemetry Collector (for Linux x86_64)
- Splunk Add-On for OpenTelemetry Collector (for Windows x86_64)

Install the add-on to a single universal forwarder instance

In Splunk Observability Cloud, retrieve your access token and the realm of your organization.
On the machine running the universal forwarder, unzip the add-on package you downloaded. In your unzipped folder, locate and unzip the .tar file to $SPLUNK_HOME/etc/apps.
In $SPLUNK_HOME/etc/apps, create a new folder named local in Splunk_TA_otel/, Splunk_TA_otel_linux_x86_64/ or Splunk_TA_otel_windows_x86_64/ depending on which add-on package you downloaded.
In the default folder, copy inputs.conf to the local folder you created in the previous step.
In local/inputs.conf, edit the TA specific values as appropriate:
- Set splunk_access_token to the access token you obtained in step 1. See ingest tokens of your organization.
- Set splunk_realm to the Splunk realm you identified in step 1.
- If your Splunk Distribution of the OpenTelemetry Collector isn't using the default host (agent) mode configuration file, $SPLUNK_HOME/etc/apps/$SPLUNK_MODINPUT_APP_NAME/configs/agent_config.yaml, change splunk_config to point to the desired configuration file.
- If appropriate add or edit the specified configuration file under the configs folder.
- Change splunk_collector_log_level if the default collector log level, error, is not appropriate.
- Set any environment variables to be passed to the collector by entering a value for splunk_collector_env_vars. The value should be in the format KEY1=VALUE1,KEY2=VALUE2. Any comma (, ) character in VALUE must be percent encoded. If necessary, any other special characters can also be percent encoded.
- Set any command line options to be passed to the collector by adding them to the splunk_collector_cmd_args.
In Splunk Observability Cloud, select your profile icon > Organization to verify that the realm value in the realm and ingest endpoints files in your local folder match the value shown in Splunk Observability Cloud. Save any changes you make in the local files.
Restart Splunkd.

Your add-on is now deployed.
In Splunk Infrastructure Monitoring, navigate to the host where you deployed the add-on and select it to explore its metrics and status. For more information, see Use navigators in Splunk Infrastructure Monitoring.

Install the add-on to multiple universal forwarder instances

Follow these steps to install the add-on to multiple universal forwarder instances using a deployment server.

In Splunk Observability Cloud, retrieve your access token and the realm of your organization.
On the machine running your deployment server, unzip the add-on package you downloaded. In your unzipped folder, locate and unzip the .tar file to $SPLUNK_HOME/etc/deployment-apps.

Note: The default location is $SPLUNK_HOME/etc/deployment-apps, but this is configurable through the repositoryLocation attribute in serverclass.conf. See Create deployment apps.
In $SPLUNK_HOME/etc/apps, create a new folder named local in Splunk_TA_otel/, Splunk_TA_otel_linux_x86_64/ or Splunk_TA_otel_windows_x86_64/ depending on which add-on package you downloaded.
In the default folder, copy inputs.conf to the local folder you created in the previous step.
In local/inputs.conf, edit the TA specific values as appropriate:
- Set splunk_access_token to the access token you obtained in step 1. See ingest tokens of your organization.
- Set splunk_realm to the Splunk realm you identified in step 1.
- If your Splunk Distribution of the OpenTelemetry Collector isn't using the default host (agent) mode configuration file, $SPLUNK_HOME/etc/apps/$SPLUNK_MODINPUT_APP_NAME/configs/agent_config.yaml, change splunk_config to point to the desired configuration file.
- If appropriate add or edit the specified configuration file under the configs folder.
- Change splunk_collector_log_level if the default collector log level, error, is not appropriate.
- Set any environment variables to be passed to the collector by entering a value for splunk_collector_env_vars. The value should be in the format KEY1=VALUE1,KEY2=VALUE2. Any comma (, ) character in VALUE must be percent encoded. If necessary, any other special characters can also be percent encoded.
- Set any command line options to be passed to the collector by adding them to the splunk_collector_cmd_args.
In Splunk Observability Cloud, select your profile icon > Organization to verify that the realm value in the realm and ingest endpoints files in your local folder match the value shown in Splunk Observability Cloud. Save any changes you make in the local files.
In Splunk Web, select Settings > Forwarder Management to access your deployment server.
Create a server class:
1. For "Edit clients", update Include to add your Universal Forwarder instance and save it.
2. Navigate to Add apps and select your new Splunk Add-on for OpenTelemetry Collector service class.
3. Edit on your newly created service class and make sure the following are checked:
  - Enable App
  - Restart Splunkd
Select Save.

Your add-on service is now deployed.
In Splunk Infrastructure Monitoring, navigate to the host where you deployed the add-on and select it to explore its metrics and status. For more information, see Use navigators in Splunk Infrastructure Monitoring.

Splunk Enterprise

Splunk Cloud Platform

Splunkbase

Enterprise Security

SOAR

IT Service Intelligence

Content Packs

Splunk Observability Cloud

AppDynamics SaaS

AppDynamics On-Premises

Virtual Appliance (Self-Hosted)

Developer Documentation

Splunkbase

Splunk Enterprise

Splunk Cloud Platform

Splunkbase

DATA MANAGEMENT

SEARCH AND ANALYTICS

ADMINISTRATION

Enterprise Security

SOAR

ENTERPRISE SECURITY

SOAR

RELATED APPS

IT Service Intelligence

Content Packs

ITSI

IT Ops

ADMINISTRATION

EXTENSIONS

Splunk Observability Cloud

MONITORING

DATA MANAGEMENT

ADMINISTRATION

AppDynamics SaaS

AppDynamics On-Premises

Virtual Appliance (Self-Hosted)

ESSENTIALS

MONITORING

ADMINISTRATION

Developer Documentation

Splunkbase

PLATFORM

OBSERVABILITY

REFERENCE

Resources

REFERENCE

Learn More

Support

Install the Splunk Add-on for OpenTelemetry Collector

Prerequisites

Download the add-on

Install the add-on to a single universal forwarder instance

Install the add-on to multiple universal forwarder instances