Local Hosting with Multipass

Install Multipass and Terraform for your operating system. On a Mac (Intel), you can also install via Homebrew e.g.

brew install multipass terraform jq

Clone workshop repository:

git clone https://github.com/splunk/observability-workshop

Change into Multipass directory:

cd observability-workshop/local-hosting/multipass

Log Observer Connect:

If you plan to use your own Splunk Observability Cloud Suite Org and or Splunk instance, you may need to create a new Log Observer Connect connection: Follow the instructions found in the documentation for Splunk Cloud or Splunk Enterprize.

Additional requirements for running your own Log Observer Connect connection are:

• Create an index called splunk4rookies-workshop
• Make sure the Service account user used in the Log observer Connect connection has access to the splunk4rookies-workshop index (you can remove all other indexes, as all workshop log data should go to this index).

Initialize Terraform:

terraform init -upgrade

Create Terraform variables file. Variables are kept in file terrform.tfvars and a template is provided, terraform.tfvars.template, to copy and edit:

cp terraform.tfvars.template terraform.tfvars

The following Terraform variables are required:

• swipe_id: SWiPE ID for the instance
• splunk_index: Splunk Index to send logs to. Defaults to splunk4rookies-workshop.

Instance type variables:

• splunk_presetup: Provide a preconfigured instance (OTel Collector and Online Boutique deployed with RUM enabled). The default is false.
• splunk_diab: Install and run Demo-in-a-Box. The default is false.
• tagging_workshop: Install and configure the Tagging Workshop. The default is false.
• otel_demo : Install and configure the OpenTelemetry Astronomy Shop Demo. This requires that splunk_presetup is set to false. The default is false.

Optional advanced variables:

• wsversion: Set this to main if working on the development of the workshop, otherwise this can be omitted.
• architecture: Set this to the correct architecture, arm64 or amd64. Defaults to arm64 which is appropriate for Apple Silicon.

Run terraform plan to check that all configuration is OK. Once happy run terraform apply to create the instance.

terraform apply

random_string.hostname: Creating...
random_string.hostname: Creation complete after 0s [id=cynu]
local_file.user_data: Creating...
local_file.user_data: Creation complete after 0s [id=46a5c50e396a1a7820c3999c131a09214db903dd]
multipass_instance.ubuntu: Creating...
multipass_instance.ubuntu: Still creating... [10s elapsed]
multipass_instance.ubuntu: Still creating... [20s elapsed]
...
multipass_instance.ubuntu: Still creating... [1m30s elapsed]
multipass_instance.ubuntu: Creation complete after 1m38s [name=cynu]
data.multipass_instance.ubuntu: Reading...
data.multipass_instance.ubuntu: Read complete after 1s [name=cynu]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

instance_details = [
  {
    "image" = "Ubuntu 22.04.2 LTS"
    "image_hash" = "345fbbb6ec82 (Ubuntu 22.04 LTS)"
    "ipv4" = "192.168.205.185"
    "name" = "cynu"
    "state" = "Running"
  },
]

Once the instance has been successfully created (this can take several minutes), exec into it using the name from the output above. The password for Multipass instance is Splunk123!.

multipass exec cynu -- su -l splunk

$ multipass exec kdhl -- su -l splunk
Password:
Waiting for cloud-init status...
Your instance is ready!

Validate the instance:

kubectl version --output=yaml

To delete the instance, first make sure you have exited from instance and then run the following command:

terraform destroy

Local Hosting with OrbStack

Install Orbstack and jq:

brew install orbstack jq

Clone workshop repository:

git clone https://github.com/splunk/observability-workshop

Change into Orbstack directory:

cd observability-workshop/local-hosting/orbstack

Run the script and provide and instance name and SWiPE ID e.g.:

./start.sh my-instance 12345678

Once the instance has been successfully created (this can take several minutes), you will automatically be logged into the instance. If you exit you can SSH back in using the following command (replace <my_instance> with the name of your instance):

ssh splunk@<my_instance>@orb

Once in the shell, you can validate that the instance is ready by running the following command:

kubectl version --output=yaml

To get the IP address of the instance, run the following command:

ifconfig eth0

To delete the instance, run the following command:

orb delete my-instance

Local Hosting with Proxmox

Proxmox Workshop Instance Setup

Overview

The ubuntu-cloud-k3d.sh script automates the creation of a Splunk Observability Workshop VM on Proxmox VE. It creates a complete Ubuntu 24.04 cloud-init based VM with all necessary tools and configurations pre-installed.

Prerequisites

• Proxmox VE cluster with administrative access
• Internet connectivity for downloading cloud images and packages
• Available VM ID range and storage space
• Valid SWiPE ID for workshop access
• Snippets enabled on local storage - Required for cloud-init configuration files. To enable:
  1. In Proxmox web UI, go to Datacenter → Storage → local
  2. Click Edit
  3. Under Content, add Snippets to the list
  4. Click OK

Quick Start

Run the script directly on your Proxmox host:

k3d script:

bash -c "$(curl -fsSL https://raw.githubusercontent.com/splunk/observability-workshop/refs/heads/main/local-hosting/proxmox/ubuntu-cloud-k3d.sh)"

k3s script (LEGACY):

bash -c "$(curl -fsSL https://raw.githubusercontent.com/splunk/observability-workshop/refs/heads/main/local-hosting/proxmox/ubuntu-cloud-k3s.sh)"

What the Script Does

1. Initial Setup

• Updates package repositories and installs required tools (jq, curl)
• Displays interactive prompts for user confirmation and SWiPE ID input

2. Authentication & Configuration

• Validates SWiPE ID against the Splunk workshop API
• Retrieves workshop tokens and configuration (REALM, RUM_TOKEN, INGEST_TOKEN, etc.)
• Generates unique VM ID and hostname

3. VM Creation

• Downloads Ubuntu 24.04 Noble cloud image
• Resizes disk to 40GB
• Creates Proxmox VM with:
  • Memory: 16GB RAM
  • CPU: 4 cores (host CPU type)
  • Storage: Uses local-lvm storage
  • Network: Bridged to vmbr0 with DHCP
  • Boot: UEFI with cloud-init support

4. Software Installation

The cloud-init configuration automatically installs:

• Container Tools: Docker, Docker Compose
• Kubernetes: K3s, kubectl, Helm, K9s
• Development: OpenJDK 17, Maven, Python3, Git
• Infrastructure: Terraform, Ansible
• Monitoring: Chaos Mesh

5. Workshop Content

• Downloads Splunk Observability Workshop materials
• Sets up Kubernetes secrets with workshop tokens
• Configures private container registry
• Prepares demo applications and content

VM Specifications

• OS: Ubuntu 24.04 LTS (Noble)
• Memory: 16GB RAM
• CPU: 4 cores
• Disk: 40GB (expandable)
• User: splunk / Splunk123!
• SSH: Password authentication enabled

Environment Variables

The script configures these environment variables in the VM:

• RUM_TOKEN: Real User Monitoring token
• ACCESS_TOKEN: Data ingest token
• API_TOKEN: Splunk API token
• HEC_TOKEN: HTTP Event Collector token
• HEC_URL: HEC endpoint URL
• REALM: Splunk realm
• INSTANCE: Unique hostname
• CLUSTER_NAME: Kubernetes cluster name

Accessing the VM

1. Wait for VM creation and boot to complete (5-10 minutes)

2. Find the VM’s IP address in Proxmox console or DHCP logs

3. SSH to the VM:

   ssh splunk@<vm-ip>
   # Password: Splunk123!

Useful Commands in the VM

# Check Kubernetes status
kubectl get nodes

# Access Kubernetes dashboard
k9s

# View workshop materials
ls ~/workshop/

# Check environment variables
env | grep -E "(TOKEN|REALM)"

Troubleshooting

• Invalid SWiPE ID: Verify your workshop registration and ID
• VM creation fails: Check Proxmox storage space and permissions
• Network issues: Ensure vmbr0 bridge is properly configured
• Slow deployment: Allow extra time for cloud-init to complete all installations

Tags

Created VMs are tagged with: o11y-workshop, noble, k3d