Local Hosting with OrbStack

Install OrbStack:

brew install orbstack

Log Observer Connect:

If you plan to use your own Splunk Observability Cloud Suite Org and/or Splunk instance, you may need to create a new Log Observer Connect connection. Follow the instructions found in the documentation for Splunk Cloud or Splunk Enterprise.

Additional requirements for running your own Log Observer Connect connection are:

  • Create an index called splunk4rookies-workshop.
  • Make sure the service account user used in the Log Observer Connect connection has access to the splunk4rookies-workshop index. (You can remove all other indexes, as all workshop log data should go to this index.)

Clone workshop repository:

git clone https://github.com/splunk/observability-workshop

Change into the OrbStack directory:

cd observability-workshop/local-hosting/orbstack

Copy start.sh.example to start.sh and edit the file to set the required variables listed below. Make sure that you do not use a Raw Endpoint, but use an Event Endpoint instead, as this will process the logs correctly.

  • ACCESS_TOKEN
  • REALM
  • API_TOKEN
  • RUM_TOKEN
  • HEC_TOKEN
  • HEC_URL
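
A preflight check for the values above, added here as an example and not part of the workshop repository: it reports any of the six variables that are empty and verifies that HEC_URL is an https HEC Event endpoint rather than a Raw one. It assumes the variables are set in the current sh/bash session; the function names are hypothetical, and rejecting http:// is an added check because the HEC token would otherwise be sent unencrypted.

```shell
#!/bin/sh
# Added example, not from the workshop repository.
# Assumption: the six variables are set in the current sh/bash session.

# Print the names of required variables that are unset or empty.
missing_vars() {
  missing=""
  for name in ACCESS_TOKEN REALM API_TOKEN RUM_TOKEN HEC_TOKEN HEC_URL; do
    eval "value=\${$name:-}"   # safe: names come from the fixed list above
    [ -n "$value" ] || missing="$missing $name"
  done
  echo "${missing# }"
}

# Classify an HEC URL as: event | raw | cleartext | unknown
classify_hec_url() {
  url=${1%%\?*}                # drop any query string
  url=${url%/}                 # drop one trailing slash
  case "$url" in
    http://*) echo cleartext ;;  # token would be sent unencrypted
    https://*/services/collector/raw|https://*/services/collector/raw/*)
      echo raw ;;
    https://*/services/collector|https://*/services/collector/event|\
    https://*/services/collector/event/1.0)
      echo event ;;
    *) echo unknown ;;
  esac
}

# Return 0 only when every variable is set and HEC_URL is an Event endpoint.
preflight() {
  m=$(missing_vars)
  if [ -n "$m" ]; then
    echo "preflight: unset or empty: $m" >&2
    return 1
  fi
  kind=$(classify_hec_url "$HEC_URL")
  if [ "$kind" != event ]; then
    echo "preflight: HEC_URL is '$kind', expected an https Event endpoint" >&2
    return 1
  fi
}
```

Source the file and call preflight after setting the variables; a non-zero return means start.sh should not be run yet.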

Run the script and provide an instance name, e.g.:

./start.sh my-instance

Once the instance has been successfully created (this can take several minutes), you will automatically be logged into the instance. If you exit, you can SSH back in using the following command (replace <my_instance> with the name of your instance):

ssh splunk@<my_instance>@orb

Once in the shell, you can validate that the instance is ready by running the following command:

kubectl version --output=yaml

To get the IP address of the instance, run the following command:

ifconfig eth0

To delete the instance, run the following command:

orb delete my-instance