Local Hosting with Multipass
Install Multipass and Terraform for your operating system. On a Mac (Intel), you can also install via Homebrew e.g.
brew install multipass
brew install terraform
Clone workshop repository:
git clone https://github.com/splunk/observability-workshop
Change into multipass directory:
cd observability-workshop/local-hosting/multipass
Log Observer Connect:
If you plan to use your own Splunk Observability Cloud Suite Org and or Splunk instance, you may need to create a new Log Observer Connect connection:
Follow the instructions found in the documentation for Splunk Cloud or Splunk Enterprize.
Additional requirements for running your own Log Observer Connect connection are:
- Create an index called splunk4rookies-workshop
- Make sure the Service account user used in the Log observer Connect connection has access to the splunk4rookies-workshop index (you can remove all other indexes, as all workshop log data should go to this index).
Initialise Terraform:
```text
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/random...
- Finding latest version of hashicorp/local...
- Finding larstobi/multipass versions matching "~> 1.4.1"...
- Installing hashicorp/random v3.5.1...
- Installed hashicorp/random v3.5.1 (signed by HashiCorp)
- Installing hashicorp/local v2.4.0...
- Installed hashicorp/local v2.4.0 (signed by HashiCorp)
- Installing larstobi/multipass v1.4.2...
- Installed larstobi/multipass v1.4.2 (self-signed, key ID 797707331BF3549C)
```
Create Terraform variables file. Variables are kept in file terrform.tfvars
and a template is provided, terraform.tfvars.template
, to copy and edit:
cp terraform.tfvars.template terraform.tfvars
The following Terraform variables are required:
splunk_access_token
: Observability Cloud Access Tokensplunk_api_token
: Observability Cloud API Tokensplunk_rum_token
: Observability Cloud RUM Tokensplunk_realm
: Observability Cloud Realm e.g. eu0
splunk_hec_url
: Splunk HEC URL. Do not use a raw
endpoint, use the event
endpoint so logs process correctly.splunk_hec_token
: Splunk HEC Tokensplunk_index
: Splunk Index to send logs to. Defaults to splunk4rookies-workshop
.
Instance type variables:
splunk_presetup
: Provide a preconfigured instance (OTel Collector and Online Boutique deployed with RUM enabled). The default is false
.splunk_diab
: Install and run Demo-in-a-Box. The default is false
.tagging_workshop
: Install and configure the Tagging Workshop. The default is false
.otel_demo
: Install and configure the OpenTelemetry Astronomy Shop Demo. This requires that splunk_presetup
is set to false
. The default is false
.
Optional advanced variables:
wsversion
: Set this to main
if working on the development of the workshop, otherwise this can be omitted.architecture
: Set this to arm64
if you are running on Apple Silicon. Defaults to amd64
.
Run terraform plan
to check that all configuration is OK. Once happy run terraform apply
to create the instance.
random_string.hostname: Creating...
random_string.hostname: Creation complete after 0s [id=cynu]
local_file.user_data: Creating...
local_file.user_data: Creation complete after 0s [id=46a5c50e396a1a7820c3999c131a09214db903dd]
multipass_instance.ubuntu: Creating...
multipass_instance.ubuntu: Still creating... [10s elapsed]
multipass_instance.ubuntu: Still creating... [20s elapsed]
...
multipass_instance.ubuntu: Still creating... [1m30s elapsed]
multipass_instance.ubuntu: Creation complete after 1m38s [name=cynu]
data.multipass_instance.ubuntu: Reading...
data.multipass_instance.ubuntu: Read complete after 1s [name=cynu]
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
Outputs:
instance_details = [
{
"image" = "Ubuntu 22.04.2 LTS"
"image_hash" = "345fbbb6ec82 (Ubuntu 22.04 LTS)"
"ipv4" = "192.168.205.185"
"name" = "cynu"
"state" = "Running"
},
]
Once the instance has been successfully created (this can take several minutes), exec
into it using the name
from the output above. The password for Multipass instance is Splunk123!
.
multipass exec cynu -- su -l splunk
$ multipass exec kdhl -- su -l splunk
Password:
Waiting for cloud-init status...
Your instance is ready!
Validate the instance:
kubectl version --output=yaml
To delete the instance, first make sure you have exited from instance and then run the following command:
Local Hosting with OrbStack
Install Orbstack:
Log Observer Connect:
If you plan to use your own Splunk Observability Cloud Suite Org and or Splunk instance, you may need to create a new Log Observer Connect connection:
Follow the instructions found in the documentation for Splunk Cloud or Splunk Enterprize.
Additional requirements for running your own Log Observer Connect connection are:
Create an index called splunk4rookies-workshop
Make sure the Service account user used in the Log observer Connect Connection has access to the splunk4rookies-workshop index. (You can remove all other indexes, as all workshop log data should go to this index)
Clone workshop repository:
git clone https://github.com/splunk/observability-workshop
Change into Orbstack directory:
cd observability-workshop/local-hosting/orbstack
Copy the start.sh.example
to start.sh
and edit the file to set the following required variables
Make sure that you do not use a Raw Endpoint, but use an Event Endpoint instead as this will process the logs correctly
ACCESS_TOKEN
REALM
API_TOKEN
RUM_TOKEN
HEC_TOKEN
HEC_URL
Run the script and provide and instance name e.g.:
Once the instance has been successfully created (this can take several minutes), you will automatically be logged into the instance. If you exit you can SSH back in using the following command (replace <my_instance>
with the name of your instance):
ssh splunk@<my_instance>@orb
Once in the shell, you can validate that the instance is ready by running the following command:
kubectl version --output=yaml
To get the IP address of the instance, run the following command:
To delete the instance, run the following command: