hvaghani221
Hi @naveenb30, you can follow these instructions here: https://github.com/splunk/splunk-connect-for-kubernetes/blob/29ec02a96ac951a9a012f85dbd2ad53e8c8ba2b7/helm-chart/splunk-connect-for-kubernetes/charts/splunk-kubernetes-logging/values.yaml#L160-L236 I am not sure if I understood your issue correctly, but I can see some issue with your config ``` logs:...
You do not have to provide a namespace name in ``. And including a namespace name isn't necessary. Actual log file name is: `__.log` And the config looks for `*
The following 2 configs will produce the same result:

```yaml
logs:
  - argo:
      from:
        pod: "log-*"
      multiline:
        firstline: /timestamp=\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}.\d{3}/
      sourcetype: kube:kube_test
```

```yaml
logs:
  - random-name:
      from:
        pod: "log-*"
        container: "argo"
      multiline:...
```
Hi @ftpd, sorry for the delayed response. Actually, it is expected behaviour. You can provide a line separator as well. It is not documented, so need to add one....
It's very strange. Logs suggest that SCK is able to send the logs successfully. Have you checked splunkd internal logs? Also, can you try with the latest version ([v1.4.15](https://github.com/splunk/splunk-connect-for-kubernetes/releases/tag/1.4.15))?
Hi @srikiz, any update on this? You are able to receive monitoring events, which suggests that there is no issue with the fluentd or splunk_hec plugin. Also, the logs are...
Can you also fix lint test failures?
I cannot merge it until splunk_hec plugin is released
We have prioritised this request and will be working on this ASAP. Meanwhile, you can probably use [service-account-token-volume-projection](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection) where you can provide `expirationSeconds` for token. I haven't tested it yet...
@tomsucho kubelet will update the token file periodically based on the expiration time. Until refreshing the token isn't supported, we can probably increase token expiration time (i.e. 1 month).