Live Demo: Get full visibility of your AWS environment with CloudQuery Sign up ❯
Sign up ❯

CloudQuery

Back to source plugin

Sync data from Kubernetes to Splunk

CloudQuery is the simple, fast data integration platform that can fetch your data from Kubernetes APIs and load it into Splunk
Kubernetes
Splunk

Trusted by

https://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/fastly.7b4d858a.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/zendesk.7797fa4d.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/infosys.ff0299e0.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/auroralabs.a19bd93a.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/palo_alto_networks.408311f5.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/instructure.dcb4ccf2.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/ridgeline.93285988.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/fastly.7b4d858a.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/zendesk.7797fa4d.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/infosys.ff0299e0.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/auroralabs.a19bd93a.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/palo_alto_networks.408311f5.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/instructure.dcb4ccf2.svghttps://cdn.cloudquery.io/hub/cjxqxrk1r/_next/static/media/ridgeline.93285988.svg

Get a personalized demo

Book a demo and see how quickly CloudQuery delivers new and ongoing insights on your multi-cloud environments.

Video thumbnail
Enterprise ReadyCustomize & ExtendEnterprise Ready
Enterprise Ready
Customize & Extend
Query Assets with SQL

Non-invasive account access for better security and efficiency.

Import data with CloudQuery SDKs and build your own plugins.

Query cloud assets and security with a simple SQL-based UI.

Step by step guide for how to export data from Kubernetes to Splunk

MacOSWindowsLinux
Table of Contents

MacOS Setup

Step 1: Install CloudQuery

To install CloudQuery, run the following command in your terminal:

brew install cloudquery/tap/cloudquery

Step 2: Create a Configuration File

Next, run the following command to initialize a sync configuration file for Kubernetes to Splunk:

cloudquery init --source=k8s --destination=splunk

This will generate a config file named k8s_to_splunk.yaml. Follow the instructions to fill out the necessary fields to authenticate against your own environment.

Step 3: Log in to CloudQuery CLI

Next, log in to the CloudQuery CLI. If you have't already, you can sign up for a free account as part of this step:

cloudquery login

Step 4: Run a Sync

cloudquery sync k8s_to_splunk.yaml

This will start syncing data from the Kubernetes API to your Splunk database! 🚀

See the CloudQuery documentation portal for more deployment guides, options and further tips.

FAQs

What is CloudQuery?
CloudQuery is an open-source tool that helps you extract, transform, and load cloud asset data from various sources into databases for security, compliance, and visibility.
Why does CloudQuery require login?
Logging in allows CloudQuery to authenticate your access to the CloudQuery Hub and monitor usage for billing purposes. Data synced with CloudQuery remains private to your environment and is not shared with our servers or any third parties.
What data does CloudQuery have access to?
CloudQuery accesses only the metadata and configurations of your cloud resources that you specify without touching sensitive data or workloads.
How is CloudQuery priced?
CloudQuery offers flexible pricing based on the number of cloud accounts and usage. Visit our pricing page for detailed plans.
Is there a free version of CloudQuery?
Yes, CloudQuery offers a free plan that includes basic features, perfect for smaller teams or personal use. More details can be found on our pricing page.
What authentication information is required to run the sync from Kubernetes to Splunk?
CloudQuery works on a similar basis to kubectl, the Kubernetes command line tool and will use information contained in a Kubernetes configuration file (also known as a kubeconfig file) to authenticate the sync. By default, CloudQuery will look for a file located at ~/.kube/config. If you want to use a different file, you can specify this by setting the KUBECONFIG environment variable to your chosen path.
How can I specify which Kubernetes contexts to connect to?
By default, CloudQuery will use the contexts specificed in your Kubernetes configuration file. If you want to connect to different contexts, you can specify this by setting the contexts variable. This variable supports wildcard use, so if you want to connect to all available contexts, simply set the variable to *.
Which write mode can I use in Splunk when syncing data from Kubernetes?
At the moment, CloudQuery only supports append write mode, this means that it will not remove data from your Splunk destination and will create new indexes when needed.
How can I ensure that my sync from Kubernetes does not exceed my Splunk API limits?
You can manage the rate at which data is synced from Kubernetes to Splunk by using the batch_size, batch_size_bytes, and max_concurrent_requests integers. In general, you should keep the max_concurrent_requests integer as low as possible while aiming for a ratio of roughly 1,000 between batch_size and max_concurrent_requests, this will ensure that the response times from your Splunk instance remain reasonable.
What is the Splunk Destination integration for CloudQuery?
The Splunk Destination integration allows you to send cloud asset data collected by CloudQuery to Splunk for further analysis, enabling you to monitor, visualize, and query cloud infrastructure metrics in real-time.

Get Weekly Cloud Governance Insights

Product use cases

Resources

Legal

© 2025 CloudQuery, Inc. All rights reserved.

We use tracking cookies to understand how you use the product and help us improve it. Please accept cookies to help us improve. You can always opt out later via the link in the footer.