use HEC in integration example

atoulme · atoulme · commit ed4bb2595f7b · 2026-04-03T14:40:57.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 /bin/
-integration/Splunk_TA_nix
+integration/Splunk_TA_nix
+!integration/Splunk_TA_nix/tarunner.yaml
diff --git a/integration/README.md b/integration/README.md
@@ -6,16 +6,10 @@ Please follow the steps below to run this example.
 
 In this folder, run:
 
-```> docker compose --profile splunk up -d```
+```> docker compose up -d```
 
 This will deploy a Splunk instance locally. The instance will start up and be available over localhost:18000 with the credentials `admin` and `changeme`.
 
-## Download and install Splunk Connect for OTLP
-
-Download and install Splunk Connect for OTLP per the steps outlined in https://github.com/splunk/splunk-connect-for-otlp.
-
-Make sure to configure the OTLP endpoint to use 0.0.0.0 so it is exposed by the docker container.
-
 ## Download the Splunk addon for Linux
 
 Install the TA for Linux, downloading it from https://splunkbase.splunk.com/app/833
@@ -44,6 +38,6 @@ In the `Splunk_TA_nix` folder created, copy the `default` folder as `local`.
 
 Open local/inputs.conf and edit each `disabled = 1` line to `disabled = 0`.
 
-## Run tarunner
+## Search the main index
 
-```> docker compose --profile splunk --profile tarunner up -d --build```
+Go to the search view and enjoy your TA data by searching for `index=main`
diff --git a/integration/Splunk_TA_nix/tarunner.yaml b/integration/Splunk_TA_nix/tarunner.yaml
@@ -0,0 +1,3 @@
+type: splunk_hec
+endpoint: http://splunk:8088
+token: 00000000-0000-0000-0000-0000000000000
diff --git a/integration/docker-compose.yml b/integration/docker-compose.yml
@@ -1,34 +1,26 @@
 services:
   splunk:
     image: splunk/splunk:9.4
-    profiles:
-      - splunk
     container_name: splunk
     environment:
       - SPLUNK_START_ARGS=--accept-license
       - SPLUNK_HEC_TOKEN=00000000-0000-0000-0000-0000000000000
       - SPLUNK_PASSWORD=changeme
     ports:
       - 18000:8000
+    volumes:
+      - ./splunk.yml:/tmp/defaults/default.yml
     healthcheck:
       test: [ 'CMD', 'curl', '-f', 'http://localhost:8000' ]
       interval: 5s
       timeout: 5s
       retries: 20
-  otelcollector:
-    image: otel/opentelemetry-collector:latest
-    container_name: otelcollector
-    volumes:
-      - ./otel-config.yaml:/etc/otelcol/config.yaml
   tarunner:
     build:
       context: ..
       dockerfile: debian.Dockerfile
     container_name: tarunner
-    profiles:
-      - tarunner
     command:
       - /var/ta
-      - http://otelcollector:4318
     volumes:
       - ./Splunk_TA_nix:/var/ta
diff --git a/integration/otel-config.yaml b/integration/otel-config.yaml
diff --git a/integration/splunk.yml b/integration/splunk.yml
@@ -0,0 +1,3 @@
+splunk:
+  hec:
+    ssl: False

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+type: splunk_hec`
	`2`	`+endpoint: http://splunk:8088`
	`3`	`+token: 00000000-0000-0000-0000-0000000000000`