Skip to content

Initial Setup

Set Up Splunk Enterprise Indexes and HEC Endpoints

  1. Create the two required indexes: an index for traces apm_traces (see Create events indexes), and an index for metrics apm_metrics (see Create metrics indexes).

  2. Setup 2 Splunk HEC tokens, one for apm_traces and one for apm_metrics. See Configure HTTP Event Collector on Splunk Enterprise or on Splunk Cloud. Steps summarized below.

  3. Login to Splunk and go to Settings > Data inputs (under "Data") > HTTP Event Collector.

  4. At the top-right, click Global Settings and set "All Tokens" to Enabled, and uncheck "Enable SSL" (if not using HTTPS). Ensure the "HTTP Port Number" is set to 8088. Click Save.
  5. At the top-right, create New Token, and enter a Name. Click Next. Next to "Select Allowed Indexes", select apm_traces. Click Review, and then Submit. You should now see a "Token Value", which we'll need in the next section.
  6. To ingest metrics, create another HEC token and assign it to the apm_metrics index. Make sure to copy the "Token Value" here as well.

Install the OTel Collector Gateway

  1. On your Linux VM, install the OTel Collector. If the VM does not have internet access, download these files separately and manually copy them to the VM. Note: If you wish to run the OTel Collector in agent mode, simply replace gateway with agent in the commands below. 
    sudo apt install wget
wget https://github.com/signalfx/splunk-otel-collector/releases/download/v0.57.0/otelcol_linux_amd64
chmod a+x otelcol_linux_amd64
wget https://raw.githubusercontent.com/signalfx/splunk-otel-collector/main/cmd/otelcol/config/collector/gateway_config.yaml
sudo mkdir /etc/otel
sudo mkdir /etc/otel/collector
sudo mv gateway_config.yaml /etc/otel/collector/
Last update: August 12, 2022