Isovalent Enterprise Platform Integration with Splunk Observability Cloud
Stream eBPF network and runtime signals from Cilium, Hubble, and Tetragon on EKS into Splunk Observability Cloud — including a Hubble-driven DNS investigation.
This workshop demonstrates integrating Isovalent Enterprise Platform with Splunk Observability Cloud to provide comprehensive visibility into Kubernetes networking, security, and runtime behavior using eBPF technology.
What You’ll Learn #
By the end of this workshop, you will:
- Deploy Amazon EKS with Cilium as the CNI in ENI mode
- Configure Hubble for network observability with L7 visibility
- Install Tetragon for runtime security monitoring
- Integrate eBPF-based metrics with Splunk Observability Cloud using OpenTelemetry
- Monitor network flows, security events, and infrastructure metrics in unified dashboards
- Understand eBPF-powered observability and kube-proxy replacement
Sections #
- Overview - Understand Cilium architecture and eBPF fundamentals
- Prerequisites - Required tools and access
- EKS Setup - Create EKS cluster for Cilium
- Cilium Installation - Deploy Cilium, Hubble, and Tetragon
- Splunk Integration - Connect metrics to Splunk Observability Cloud
- Verification - Validate the integration
- Demo Script - Walk through an end-to-end DNS investigation scenario
Tip
This integration leverages eBPF (Extended Berkeley Packet Filter) for high-performance, low-overhead observability directly in the Linux kernel.Prerequisites #
- AWS CLI configured with appropriate credentials
- kubectl, eksctl, and Helm 3.x installed
- An AWS account with permissions to create EKS clusters, VPCs, and EC2 instances
- A Splunk Observability Cloud account with access token
- Approximately 90 minutes for complete setup
Benefits of Integration #
By connecting Isovalent Enterprise Platform to Splunk Observability Cloud, you gain:
- 🔍 Deep visibility: Network flows, L7 protocols (HTTP, DNS, gRPC), and runtime security events
- 🚀 High performance: eBPF-based observability with minimal overhead
- 🔐 Security insights: Process monitoring, system call tracing, and network policy enforcement
- 📊 Unified dashboards: Cilium, Hubble, and Tetragon metrics alongside infrastructure and APM data
- ⚡ Efficient networking: Kube-proxy replacement and native VPC networking with ENI mode
Source Repositories #
All configuration files, Helm values, and dashboard JSON files referenced in this workshop are available in the following repositories:
- isovalent_splunk_o11y — Helm values, OTel Collector configuration, Splunk dashboard JSON files, and the complete integration guide
- isovalent-demo-jobs-app — The jobs-app Helm chart used in the demo scenario, including the error injection and remediation scripts