Why is otlphttp/entities plus some endpoint required when using for splunk enterprise with HEC export

[Nibblefritz]

I may be fairly new here, but I just noticed that there's an exporter setting for

data: relay: | exporters: otlphttp/entities: headers: # X-SF-Token is the authentication token provided by Splunk Observability Cloud. X-SF-Token: <access_token> logs_endpoint: some_endpoint

that is required when I'm running the otel-collector in our aks cluster. We use Splunk Enterprise and don't use Observability Cloud at all. We've implemented this tool to test getting a way to get our kubernetes logs to Splunk Enterprise with an HEC token and it's working so far for that purpose. The odd thing though is I noticed this exporter and settings, but without it the pod fails to start because it's required. I removed all the otlp entries in the manifests as well and it won't start either.

The command I have run to get the manifests is
`helm template splunk-otel-collector --set="splunkPlatform.endpoint=https://<our_on_prem_host>:8088/services/collector,splunkPlatform.token=<HEC_TOKEN>,splunkPlatform.clientCert="cert",splunkPlatform.clientKey="key",splunkPlatform.caFile="ca",distribution=aks,environment=mvp,cloudProvider=azure,namespaceOverride=splunk,splunkPlatform.metricsIndex=kubernetes,splunkPlatform.index=kubernetes,clusterName=<aks_cluster_name>" splunk-otel-collector-chart/splunk-otel-collector > splunk-otel-collector.yaml

Of course the token, cert, key, and ca are all being set in a separate secrets file, I just put dummy data here to build out the template appropriately.

Is there a separate setting I need to disable otlphttp exporter that's not necessary? Or is this a requirement that shouldn't really be required when just using HEC exporter and tokens?

[atoulme]

We are looking into it. Please open a support case.

[Nibblefritz]

Where can I do that. Sorry, I'm new to this tool/repo and didn't see it directly

[atoulme]

Please follow this link: https://splunk.my.site.com/customer/s/need-help/create-case

[Nibblefritz]

Thank you!
I'll get one in soon. Just need to get in touch with whoever manages our splunk enterprise instance and creds.

[dmitryax]

@Nibblefritz thanks for reporting. That pipeline shouldn't be enabled if splunkObservability isn't configured.

The odd thing though is I noticed this exporter and settings, but without it the pod fails to start because it's required. I removed all the otlp entries in the manifests as well and it won't start either.

I wasn't able to reproduce any errors though. That pipeline was just silently ignored in my tests.

Anyway, I've submitted a PR to exclude it for Splunk Platform users #1699. It should be fixed in the next release