Local Hosting

Info

Please disable any VPNs or proxies before setting up an instance e.g:

ZScaler
Cisco AnyConnect

These tools will prevent the instance from being created properly.

Local Hosting with Multipass
Learn how to create a local hosting environment with Multipass - Windows/Linux/Mac(Intel)
Local Hosting with OrbStack
Learn how to create a local hosting environment with OrbStack - Mac (Apple Silicon)
Running Demo-in-a-Box
Learn how to use Demo-in-a-Box to manage demos and otel collectors in an easy-to-use web interface.

Local Hosting with Multipass

Install Multipass and Terraform for your operating system. On a Mac (Intel), you can also install via Homebrew e.g.

brew install multipass
brew install terraform

Clone workshop repository:

git clone https://github.com/splunk/observability-workshop

Change into multipass directory:

cd observability-workshop/local-hosting/multipass

Log Observer Connect:

If you plan to use your own Splunk Observability Cloud Suite Org and or Splunk instance, you may need to create a new Log Observer Connect connection: Follow the instructions found in the documentation for Splunk Cloud or Splunk Enterprize.

Additional requirements for running your own Log Observer Connect connection are:

Create an index called splunk4rookies-workshop
Make sure the Service account user used in the Log observer Connect connection has access to the splunk4rookies-workshop index (you can remove all other indexes, as all workshop log data should go to this index).

Initialise Terraform:

terraform init -upgrade

```text Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/random... - Finding latest version of hashicorp/local... - Finding larstobi/multipass versions matching "~> 1.4.1"... - Installing hashicorp/random v3.5.1... - Installed hashicorp/random v3.5.1 (signed by HashiCorp) - Installing hashicorp/local v2.4.0... - Installed hashicorp/local v2.4.0 (signed by HashiCorp) - Installing larstobi/multipass v1.4.2... - Installed larstobi/multipass v1.4.2 (self-signed, key ID 797707331BF3549C) ```

Create Terraform variables file. Variables are kept in file terrform.tfvars and a template is provided, terraform.tfvars.template, to copy and edit:

cp terraform.tfvars.template terraform.tfvars

The following Terraform variables are required:

splunk_access_token: Observability Cloud Access Token
splunk_api_token: Observability Cloud API Token
splunk_rum_token: Observability Cloud RUM Token
splunk_realm: Observability Cloud Realm e.g. eu0
splunk_hec_url: Splunk HEC URL. Do not use a raw endpoint, use the event endpoint so logs process correctly.
splunk_hec_token: Splunk HEC Token
splunk_index: Splunk Index to send logs to. Defaults to splunk4rookies-workshop.

Instance type variables:

splunk_presetup: Provide a preconfigured instance (OTel Collector and Online Boutique deployed with RUM enabled). The default is false.
splunk_diab: Install and run Demo-in-a-Box. The default is false.
tagging_workshop: Install and configure the Tagging Workshop. The default is false.
otel_demo : Install and configure the OpenTelemetry Astronomy Shop Demo. This requires that splunk_presetup is set to false. The default is false.

Optional advanced variables:

wsversion: Set this to main if working on the development of the workshop, otherwise this can be omitted.
architecture: Set this to arm64 if you are running on Apple Silicon. Defaults to amd64.

Run terraform plan to check that all configuration is OK. Once happy run terraform apply to create the instance.

terraform apply

random_string.hostname: Creating...
random_string.hostname: Creation complete after 0s [id=cynu]
local_file.user_data: Creating...
local_file.user_data: Creation complete after 0s [id=46a5c50e396a1a7820c3999c131a09214db903dd]
multipass_instance.ubuntu: Creating...
multipass_instance.ubuntu: Still creating... [10s elapsed]
multipass_instance.ubuntu: Still creating... [20s elapsed]
...
multipass_instance.ubuntu: Still creating... [1m30s elapsed]
multipass_instance.ubuntu: Creation complete after 1m38s [name=cynu]
data.multipass_instance.ubuntu: Reading...
data.multipass_instance.ubuntu: Read complete after 1s [name=cynu]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

instance_details = [
  {
    "image" = "Ubuntu 22.04.2 LTS"
    "image_hash" = "345fbbb6ec82 (Ubuntu 22.04 LTS)"
    "ipv4" = "192.168.205.185"
    "name" = "cynu"
    "state" = "Running"
  },
]

Once the instance has been successfully created (this can take several minutes), exec into it using the name from the output above. The password for Multipass instance is Splunk123!.

multipass exec cynu -- su -l splunk

$ multipass exec kdhl -- su -l splunk
Password:
Waiting for cloud-init status...
Your instance is ready!

Validate the instance:

kubectl version --output=yaml

To delete the instance, first make sure you have exited from instance and then run the following command:

terraform destroy

Local Hosting with OrbStack

Install Orbstack:

brew install orbstack

Log Observer Connect:

Additional requirements for running your own Log Observer Connect connection are: Create an index called splunk4rookies-workshop Make sure the Service account user used in the Log observer Connect Connection has access to the splunk4rookies-workshop index. (You can remove all other indexes, as all workshop log data should go to this index)

Clone workshop repository:

git clone https://github.com/splunk/observability-workshop

Change into Orbstack directory:

cd observability-workshop/local-hosting/orbstack

Copy the start.sh.example to start.sh and edit the file to set the following required variables Make sure that you do not use a Raw Endpoint, but use an Event Endpoint instead as this will process the logs correctly

ACCESS_TOKEN
REALM
API_TOKEN
RUM_TOKEN
HEC_TOKEN
HEC_URL

Run the script and provide and instance name e.g.:

./start.sh my-instance

Once the instance has been successfully created (this can take several minutes), you will automatically be logged into the instance. If you exit you can SSH back in using the following command (replace <my_instance> with the name of your instance):

ssh splunk@<my_instance>@orb

Once in the shell, you can validate that the instance is ready by running the following command:

kubectl version --output=yaml

To get the IP address of the instance, run the following command:

ifconfig eth0

To delete the instance, run the following command:

orb delete my-instance

Running Demo-in-a-Box

Demo-in-a-box is a method for running demo apps easily using a web interface.

It provides:

A quick way to deploy demo apps and states
A way to easily change configuration of your otel collector and see logs
Get pod status, pod logs, etc.

To leverage this locally using multipass:

Follow the local hosting for multipass instructions
- In the terraform.tfvars file, set splunk_diab to true and make sure all other options are set to false
- Then set the other required and important tokens/url
- Then run the terraform steps
Once the instance is up, navigate in your browser to: http://<IP>:8083
- In the terraform.tfvars file the wsversion defaults to the current version of the workshop e.g 4.64:
  - To use the latest developments change wsversion to use main
  - There are only three versions of the workshop maintained, development (main) current (e.g. 4.64 and the previous (e.g. 4.63)
  - After making the change, run terraform apply to make the changes
Now you can deploy any of the demos; this will also deploy the collector as part of the deployment

Local Hosting

Subsections of Local Hosting

Local Hosting with Multipass

Local Hosting with OrbStack

Running Demo-in-a-Box