Skip to content

Kubernetes API event watcher with output to Splunk HEC

License

Notifications You must be signed in to change notification settings

gmichels/kubewatch

 
 

Repository files navigation

kubewatch

Version Widget License Widget GoReportCard Widget Travis Widget DockerHub Widget

Overview

Kubernetes API event watcher with output to Splunk HEC.

This is a fork of softonic/kubewatch adding support to output the data to Splunk via HTTP Event Collector (HEC).

Install
go get -u github.com/gmichels/kubewatch
Shell completion
eval "$(kubewatch --completion-script-${0#-})"
Splunk Configuration

Proper functionality depends on the existence of the following environment variables:

  • SPLUNK_HEC_HOST: the FQDN of the Splunk HTTP Event Collector
  • SPLUNK_HEC_PORT: the port of the Splunk HTTP Event Collector
  • SPLUNK_HEC_TOKEN: the token for the Splunk HTTP Event Collector
  • SPLUNK_HEC_PORT: the port of the Splunk HTTP Event Collector

The below environment variables are optional:

  • SPLUNK_HOST: the host field for the events
  • SPLUNK_SOURCE: the source field for the events
  • SPLUNK_SOURCETYPE: the sourcetype field for the events
  • SPLUNK_INDEX: the index field for the events
Help
kubewatch --help
usage: kubewatch [<flags>] <resources>...

Watches Kubernetes resources via its API.

Flags:
  -h, --help          Show context-sensitive help (also try --help-long and --help-man).
      --kubeconfig    Absolute path to the kubeconfig file.
      --namespace     Set the namespace to be watched.
      --flatten       Whether to produce flatten JSON output or not.
      --version       Show application version.

Args:
  <resources>  Space delimited list of resources to be watched.
Out-of-cluster examples:

Make sure the required environment variables are set.

Watch for pods and events in all namespaces:

kubewatch pods events | jq '.'

Same thing with docker:

docker run -it --rm \
-v ~/.kube/config:/root/.kube/config \
gmichels/kubewatch pods events | jq '.'

Watch for services events in namespace foo:

kubewatch --namespace foo services | jq '.'

Same thing with docker:

docker run -it --rm \
-v ~/.kube/config:/root/.kube/config \
gmichels/kubewatch --namespace foo services | jq '.'
In-cluster examples:

See the examples in k8s-manifests folder for a Kubernetes deployment.

About

Kubernetes API event watcher with output to Splunk HEC

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 99.6%
  • Shell 0.4%