out_splunk: support OTLP schema for Splunk JSON #10002

Open
edsiper opened this issue Feb 24, 2025 · 3 comments
@edsiper
Member

edsiper commented Feb 24, 2025

When the data has been received in OTLP, records are inside a group whose definition comes with metadata such as resources, scope and attributes, among others. Today the Splunk output plugin does not recognize this metadata.

This issue is to track the extension of the plugin to support the required schema; the final goal is to mimic behavior similar to that of the Splunk HEC Exporter from the OpenTelemetry Collector Contrib:

ref: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/splunkhecexporter

@agup006
Member

agup006 commented Feb 24, 2025

A bit broader, I want to emphasize that we should have some way to re-group OTLP logs into a compatible message payload for Splunk / HTTP / or other plugins.

Currently this results in HTTP 400 in major backends

@leonardo-albertovich
Collaborator

Could you please clarify this @agup006?

@agup006
Member

agup006 commented Feb 25, 2025

With OTEL envelope or OTEL formatted messages, Fluent Bit groups this by (1) including a single message with scope and resources, (2) then having a message for the body content, and (3) another message indicating the end of the message.

This formatting and grouping is done to ensure that there is low duplication of scope and resource across all messages. However, when we route the OTEL envelope or OTEL formatted messages, the three separate messages are not formatted in a way that can be accepted by HTTP or other plugins.

The re-group is to force a duplication of scope and resource across all messages as a way of compatibility enforcement.
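
The re-grouping described in the comment above, as an added example that is not part of the thread and is not Fluent Bit or Splunk exporter code. It assumes a constructed stream layout (`kind` markers for group start, log and group end) and a hypothetical `scope.name` field key; `time`, `event` and `fields` are the Splunk HEC event keys.

```python
import json

# Constructed stand-in for the three message kinds described in the thread;
# this is not Fluent Bit's internal record encoding.
GROUP_START, LOG, GROUP_END = "group_start", "log", "group_end"

def regroup(stream):
    """Copy the enclosing group's resource and scope onto every log record."""
    out, ctx = [], None
    for rec in stream:
        kind = rec["kind"]
        if kind == GROUP_START:
            ctx = {"resource": rec.get("resource", {}), "scope": rec.get("scope", {})}
        elif kind == GROUP_END:
            ctx = None
        elif kind == LOG:
            # A record outside any group has no metadata to inherit.
            meta = ctx or {"resource": {}, "scope": {}}
            out.append({"time": rec["time"], "body": rec["body"],
                        "resource": dict(meta["resource"]),
                        "scope": dict(meta["scope"])})
        else:
            raise ValueError(f"unknown record kind: {kind!r}")
    return out

def to_hec_event(rec):
    """Build one self-contained HEC JSON event from a re-grouped record."""
    fields = dict(rec["resource"])
    if rec["scope"].get("name"):
        fields["scope.name"] = rec["scope"]["name"]  # hypothetical key name
    event = {"time": rec["time"], "event": rec["body"]}
    if fields:  # omit "fields" when there is no metadata to carry
        event["fields"] = fields
    return event

def hec_payload(stream):
    """Serialize the stream as newline-separated HEC events."""
    return "\n".join(json.dumps(to_hec_event(r), sort_keys=True) for r in regroup(stream))

# Constructed sample: one group with two records, then an ungrouped record.
SAMPLE = [
    {"kind": GROUP_START, "resource": {"service.name": "auth-api", "host.name": "web-01"},
     "scope": {"name": "login"}},
    {"kind": LOG, "time": 1740400000.0, "body": "failed login for user alice"},
    {"kind": LOG, "time": 1740400001.5, "body": "account locked: alice"},
    {"kind": GROUP_END},
    {"kind": LOG, "time": 1740400002.0, "body": "ungrouped record"},
]

if __name__ == "__main__":
    print(hec_payload(SAMPLE))
```

Every emitted event carries its own copy of the resource and scope metadata, so the group start and group end messages never reach the backend as standalone payloads.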
