Sync data from Kubernetes to Splunk

CloudQuery is a simple, fast and extensible data movement platform that allows you to sync data from any source to any destination.

Why CloudQuery?

We took care of everything, so you can do your job easily and efficiently.

Fast and reliable

CloudQuery’s efficient design means our syncs are fast and a sync from Kubernetes to Splunk can be completed in a fraction of the time compared to other tools.

Easy to get started, easy to maintain

Kubernetes syncing using CloudQuery is easy to set up and maintain thanks to its simple YAML configuration. Once synced, you can use normal SQL queries to work with your data.

How to sync Kubernetes data to Splunk

CloudQuery is the simple, fast data integration platform that can fetch your data from Kubernetes APIs and load it into Splunk.

Step 1: Install CloudQuery

Follow the steps below to start syncing data with CloudQuery.

Copy and paste the following command to download CloudQuery:

brew install cloudquery/tap/cloudquery

Sign in with CloudQuery

To sign in from the CLI, run the following command.

cloudquery login

A new browser window will open where you will complete the sign-in process.

Auto-generate sync configuration

Run the following command to create a configuration file:

cloudquery init --source k8s --destination splunk --spec-path k8s_to_splunk.yaml

Step 2: Additional source and destination configuration (optional)

Kubernetes source plugin configuration

You can find more information about the configuration in the plugin documentation.

# k8s.yml
kind: source
spec:
  name: k8s
  path: cloudquery/k8s
  spec:
    # per documentation at:

Splunk plugin configuration

You can find more information about the configuration in the plugin documentation.

# splunk.yml
kind: destination
spec:
  name: splunk
  path: cloudquery/splunk
  spec:
    # per documentation at:

Step 3: Run the sync

Step 1. Copy and paste the command to trigger the sync

cloudquery sync k8s_to_splunk.yaml

Frequently asked questions about plugins

Detailed answers are here to help you get started.

Splunk FAQ

Which write mode can I use in Splunk when syncing data from Kubernetes?

At the moment, CloudQuery only supports append write mode. This means that it will not remove data from your Splunk destination and will create new indexes when needed.

You can manage the rate at which data is synced from Kubernetes to Splunk by using the batch_size, batch_size_bytes, and max_concurrent_requests integers. In general, you should keep the max_concurrent_requests integer as low as possible while aiming for a ratio of roughly 1,000 between batch_size and max_concurrent_requests. This will ensure that the response times from your Splunk instance remain reasonable.

The Splunk Destination integration allows you to send cloud asset data collected by CloudQuery to Splunk for further analysis, enabling you to monitor, visualize, and query cloud infrastructure metrics in real-time.

Kubernetes FAQ

What authentication information is required to run the sync from Kubernetes to Splunk?

CloudQuery works on a similar basis to kubectl, the Kubernetes command line tool, and will use the information contained in a Kubernetes configuration file (also known as a kubeconfig file) to authenticate the sync. By default, CloudQuery will look for a file located at ~/.kube/config. If you want to use a different file, you can specify this by setting the KUBECONFIG environment variable to your chosen path.

By default, CloudQuery will use the contexts specified in your Kubernetes configuration file. If you want to connect to different contexts, you can specify this by setting the contexts variable. This variable supports wildcard use, so if you want to connect to all available contexts, simply set the variable to *.
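
Because the sync authenticates with whatever the kubeconfig holds, and a contexts value of * reaches every context in it, it is worth inspecting that file before running the sync. The script below is an added example, not CloudQuery's own code: its function names, the --check flag and the sample kubeconfig are constructed for illustration, and it assumes a single-path KUBECONFIG and block-style YAML as kubectl writes it.

```sh
# Added example: inspect the kubeconfig a sync would read before running it.
# Path as the FAQ describes: KUBECONFIG if set, else ~/.kube/config.
# Assumption: KUBECONFIG holds one path, not a colon-separated list.
resolve_kubeconfig() { printf '%s\n' "${KUBECONFIG:-$HOME/.kube/config}"; }

# True only if group/others have no permission bits (file holds credentials).
kubeconfig_is_private() { [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]; }

# Names under the top-level contexts: key, i.e. what contexts "*" covers.
# Assumption: block-style YAML as kubectl writes it, unquoted names.
list_contexts() {
  awk '/^[A-Za-z]/ { in_ctx = ($1 == "contexts:"); next }
       in_ctx && /^(- |  )name:/ { print $NF }' "$1"
}

preflight() {
  cfg=$(resolve_kubeconfig)
  [ -r "$cfg" ] || { echo "kubeconfig not readable: $cfg" >&2; return 2; }
  echo "kubeconfig: $cfg"; echo "contexts a wildcard would sync:"
  list_contexts "$cfg" | sed 's/^/  /'
  kubeconfig_is_private "$cfg" || {
    echo "WARNING: $cfg is accessible to group/others (chmod 600)" >&2
    return 1
  }
}

# Constructed sample kubeconfig: no real clusters or credentials.
write_sample_kubeconfig() {
  cat > "$1" <<'EOF'
clusters:
- cluster:
    server: https://dev.example.invalid
  name: dev-cluster
contexts:
- context:
    cluster: dev-cluster
    user: dev-user
  name: dev
- name: prod-admin
  context:
    cluster: dev-cluster
    user: admin
current-context: dev
EOF
}

# Hypothetical flag of this script: run the check against the real kubeconfig.
case "${1:-}" in --check) preflight ;; esac
```

Where kubectl is installed, `kubectl config get-contexts -o name` prints the same list without relying on the layout assumption.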
A huge library of supported destinations

Splunk isn’t the only place we can sync your Kubernetes data to. Whatever you need to do with your Kubernetes data, CloudQuery can make it happen. We support a huge range of destinations, customizable transformations for ETL, and we regularly release new plugins.

Extensible and Open Source SDK

Write your own connectors in any language by utilizing the CloudQuery open source SDK powered by Apache Arrow. Get out-of-the-box scheduling, rate-limiting, transformation, documentation and much more.

© 2024 CloudQuery, Inc. All rights reserved.