Splunk Daemonset conflicting with other monitoring agents

[ajdurr]

Hi,
Were having a issue about spinning up the Splunk using the Daemonset Agent. I spoken with a Splunk engineer at KubeCon and we removed the port section on the helm values, but it still having the same issue about out of node ports. DataDog and Splunk are using the same Ephermeral node ports. My use case we need to send Istio logs to Splunk. Were going to send Istio logs to Std out per my discussion with Splunk.

My question can we turn off any ephermeral ports from the Splunk OTEL Collector with sending Istio logs to Splunk?

[jinja2]

@ajdurr Could you try with this config?

agent:
  
  service:
    enabled: false 

  ports:
    otlp: null
    otlp-http: null
  
  config:
    receivers:
      otlp: {}
    service:
      pipelines:
        logs:
          receivers:
            - filelog

This ensures the OTLP receiver doesn’t open any listeners. Simply not exposing the ports in the container spec isn’t sufficient since the OTLP receiver was still binding on the host network.

As an extra safeguard, you can also disable host networking entirely by setting:

agent:
  hostNetwork: false

These suggestions assume you don’t need to run the OTLP receiver (for logs sent to stdout, we only need the filelog receiver). If you do, let me know and we can adjust the config to use specific port numbers or adapt it to your setup.

[ajdurr]

Thank you it worked