Kubernetes API event watcher with output to Splunk HEC.
This is a fork of softonic/kubewatch adding support to output the data to Splunk via HTTP Event Collector (HEC).
go get -u github.com/gmichels/kubewatch
eval "$(kubewatch --completion-script-${0#-})"
Proper functionality depends on the existence of the following environment variables:
SPLUNK_HEC_HOST: the FQDN of the Splunk HTTP Event Collector
SPLUNK_HEC_PORT: the port of the Splunk HTTP Event Collector
SPLUNK_HEC_TOKEN: the token for the Splunk HTTP Event Collector
The below environment variables are optional:
SPLUNK_HOST: the host field for the events
SPLUNK_SOURCE: the source field for the events
SPLUNK_SOURCETYPE: the sourcetype field for the events
SPLUNK_INDEX: the index field for the events
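How these variables map onto a Splunk HEC request, as an added example that is not code from this fork: it assumes HTTPS and Splunk's standard /services/collector/event endpoint, and the names buildHECRequest and hecEvent are hypothetical. It fails fast when a required variable is missing and keeps the token in the Authorization header only.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
)

// hecEvent is the HEC JSON envelope; unset optional fields are omitted.
type hecEvent struct {
	Event      json.RawMessage `json:"event"`
	Host       string          `json:"host,omitempty"`
	Source     string          `json:"source,omitempty"`
	Sourcetype string          `json:"sourcetype,omitempty"`
	Index      string          `json:"index,omitempty"`
}

// buildHECRequest (hypothetical helper) fails fast on a missing required
// variable and keeps the token out of the URL and out of error messages.
func buildHECRequest(getenv func(string) string, event []byte) (*http.Request, error) {
	for _, k := range []string{"SPLUNK_HEC_HOST", "SPLUNK_HEC_PORT", "SPLUNK_HEC_TOKEN"} {
		if getenv(k) == "" {
			return nil, fmt.Errorf("required environment variable %s is not set", k)
		}
	}
	body, err := json.Marshal(hecEvent{event, getenv("SPLUNK_HOST"), getenv("SPLUNK_SOURCE"),
		getenv("SPLUNK_SOURCETYPE"), getenv("SPLUNK_INDEX")})
	if err != nil {
		return nil, fmt.Errorf("event is not valid JSON: %w", err)
	}
	// Assumption: HTTPS and the standard HEC event endpoint.
	url := "https://" + getenv("SPLUNK_HEC_HOST") + ":" + getenv("SPLUNK_HEC_PORT") + "/services/collector/event"
	req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Splunk "+getenv("SPLUNK_HEC_TOKEN"))
	return req, nil
}

func main() { // builds, but does not send, a request for a constructed sample event
	if req, err := buildHECRequest(os.Getenv, []byte(`{"kind":"Pod"}`)); err != nil {
		fmt.Fprintln(os.Stderr, err)
	} else {
		fmt.Println(req.Method, req.URL)
	}
}
```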
kubewatch --help
usage: kubewatch [<flags>] <resources>...
Watches Kubernetes resources via its API.
Flags:
  -h, --help        Show context-sensitive help (also try --help-long and --help-man).
      --kubeconfig  Absolute path to the kubeconfig file.
      --namespace   Set the namespace to be watched.
      --flatten     Whether to produce flatten JSON output or not.
      --version     Show application version.
Args:
  <resources>  Space delimited list of resources to be watched.
Make sure the required environment variables are set.
Watch for pods and events in all namespaces:
kubewatch pods events | jq '.'
Same thing with docker:
docker run -it --rm \
-v ~/.kube/config:/root/.kube/config \
gmichels/kubewatch pods events | jq '.'
Watch for services events in namespace foo:
kubewatch --namespace foo services | jq '.'
Same thing with docker:
docker run -it --rm \
-v ~/.kube/config:/root/.kube/config \
gmichels/kubewatch --namespace foo services | jq '.'
See the examples in k8s-manifests folder for a Kubernetes deployment.