I am setting up a Splunk universal forwarder as a sidecar with my application through a deployment spec. The Splunk universal forwarder is set up as a different Docker image where I copy custom inputs.conf and outputs.conf through Docker COPY (shown below).
Effectively, when I deploy my application, the sidecar is starting. In the current state, the indexer configuration is in outputs.conf, which is taking effect.
*The issue comes here: I want to change the indexer server host and port dynamically based on the environment.*
Here is the Dockerfile content of my Splunk universal forwarder.
```dockerfile
FROM splunk/universalforwarder:latest
COPY configs/*.conf /opt/splunkforwarder/etc/system/local/
```
I built the Docker image with the name splunk-universal-forwarder:demo. The configs folder has both files, inputs.conf and outputs.conf.
The content of outputs.conf is
```ini
[tcpout]
defaultGroup = default-lb-group

[tcpout:default-lb-group]
server = ${SPLUNK_BASE_HOST}

[tcpout-server://host1:9997]
```
I want to pass the SPLUNK_BASE_HOST environment variable through the sidecar deployment like below.
```yaml
- name: universalforwarder
  image: splunk-universal-forwarder:demo
  imagePullPolicy: Always
  env:
    - name: SPLUNK_START_ARGS
      value: "--accept-license --answer-yes"
    - name: SPLUNK_BASE_HOST
      value: 123.456.789.000:9997
    - name: SPLUNK_USER
      valueFrom:
        secretKeyRef:
          name: credentials
          key: splunk.username
    - name: SPLUNK_PASSWORD
      valueFrom:
        secretKeyRef:
          name: credentials
          key: splunk.password
  volumeMounts:
    - name: container-logs
      mountPath: /var/log/splunk-fwd-myapp
```
I have a separate deployment.yaml per environment (dev, stage, uat, qa, prod) and I should be able to pass a different indexer host and port (SPLUNK_BASE_HOST) based on these environments. If I hardcode the indexer host and port in outputs.conf, it will take the same value across all environments, but I don't want that to happen.
The environment variable ${SPLUNK_BASE_HOST} in outputs.conf is not referring to the value supplied in the deployment YAML file.
You need to create an init script that sources the host name from the environment variable and updates it in outputs.conf using the sed command. Finally, launch the Splunk forwarder.
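
An init script of the kind this answer describes, written here as an added example (it is not code from the original answer or from the Splunk image). It validates SPLUNK_BASE_HOST before handing it to sed, so a malformed value cannot inject extra settings into outputs.conf. The template path, the `TEMPLATE`/`DEST` variables and the `render_outputs` function name are assumptions.

```sh
#!/bin/sh
# Added example: entrypoint wrapper that renders outputs.conf from a template
# before the forwarder starts. Not part of the original post.
set -eu

# Assumed paths: the Dockerfile would COPY the template to TEMPLATE instead of
# copying outputs.conf straight into etc/system/local/.
TEMPLATE=${TEMPLATE:-/opt/splunkforwarder/etc/outputs.conf.tmpl}
DEST=${DEST:-/opt/splunkforwarder/etc/system/local/outputs.conf}

# render_outputs TEMPLATE DEST
# Replaces the literal text ${SPLUNK_BASE_HOST} in TEMPLATE and writes DEST.
render_outputs() {
    template=$1
    dest=$2
    value=${SPLUNK_BASE_HOST:-}

    # Fail closed: an unset variable must not yield a config with no indexer.
    if [ -z "$value" ]; then
        echo "SPLUNK_BASE_HOST is not set" >&2
        return 1
    fi
    # Reject anything outside host:port lists (newlines, '|', '&', '\',
    # brackets) so the value cannot add stanzas or alter the sed expression.
    case $value in
        *[!A-Za-z0-9.:,-]*)
            echo "SPLUNK_BASE_HOST contains unexpected characters" >&2
            return 1 ;;
    esac
    # Require host:port, optionally repeated as a comma-separated list.
    if ! printf '%s\n' "$value" |
        grep -Eq '^[A-Za-z0-9.-]+:[0-9]{1,5}(,[A-Za-z0-9.-]+:[0-9]{1,5})*$'; then
        echo "SPLUNK_BASE_HOST must look like host:port[,host:port]" >&2
        return 1
    fi
    # Render to a temp file first so a failure never leaves a partial config.
    tmp="$dest.tmp.$$"
    sed 's|[$]{SPLUNK_BASE_HOST}|'"$value"'|g' "$template" > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dest"
}

# Used as ENTRYPOINT: render, then hand over to the image's original command,
# passed as arguments. With no arguments the script only defines the function.
if [ "$#" -gt 0 ]; then
    render_outputs "$TEMPLATE" "$DEST"
    exec "$@"
fi
```

Each environment's deployment.yaml then only needs a different SPLUNK_BASE_HOST value; if the value is missing or malformed the container exits instead of starting with a broken outputs.conf.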