diff --git a/charts/splunk-connect-for-syslog/templates/statefulset.yaml b/charts/splunk-connect-for-syslog/templates/statefulset.yaml
index 754f836d67..0647b9753e 100644
--- a/charts/splunk-connect-for-syslog/templates/statefulset.yaml
+++ b/charts/splunk-connect-for-syslog/templates/statefulset.yaml
@@ -43,7 +43,9 @@ spec:
fieldRef:
fieldPath: spec.nodeName
- name: SC4S_RUNTIME_ENV
- value: "k8s"
+ value: "k8s"
+ - name: SC4S_DEST_SPLUNK_SC4S_METRICS_HEC
+ value: "multi"
- name: SC4S_DEST_SPLUNK_HEC_DEFAULT_URL
value: "{{ .Values.splunk.hec_url }}"
- name: SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN
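Review bot: `SC4S_DEST_SPLUNK_SC4S_METRICS_HEC` is hard-coded to `"multi"` in the template, so an install cannot change or switch off this setting through values, unlike the neighbouring `SC4S_DEST_SPLUNK_HEC_DEFAULT_URL`, which is read from `.Values.splunk.hec_url`. Consider driving it from values with the current value as the default, for example `value: "{{ .Values.sc4s.metrics_hec | default "multi" }}"` (the key name is a suggestion, not an existing value). A one-line comment above the entry should say what `multi` selects and any requirement it places on the receiving HEC endpoint. The env list continues outside the hunk.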
diff --git a/deploy/k3s/sc4syslog.yaml b/deploy/k3s/sc4syslog.yaml
new file mode 100644
index 0000000000..12a36c6ef3
--- /dev/null
+++ b/deploy/k3s/sc4syslog.yaml
@@ -0,0 +1,16 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: sc4s
+ namespace: splunk-edge
+name: sc4s
+spec:
+ chart: splunk-connect-for-syslog/splunk-connect-for-syslog
+ repo: https://splunk.github.io/splunk-connect-for-syslog
+ targetNamespace: splunk-edge
+ valuesContent: |-
+ replicaCount: 2 #2x node count
+ splunk:
+ hec_url: "https://10.202.35.120:8088/services/collector/event"
+ hec_token: "00000000-0000-0000-0000-000000000000"
+ hec_verify_tls: "no"
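Review bot: `hec_verify_tls: "no"` turns off certificate verification for the HEC connection, so the HEC token and every forwarded event go to whatever host answers on that address; the same applies to `insecureSSL: true` under `global.splunk.hec` in deploy/k3s/sck.yaml. If this manifest is meant as a deployable example, set `hec_verify_tls: "yes"` and have the collector trust the issuing CA instead. `hec_token` is also written inline in `valuesContent` (and again as `token` in sck.yaml), so a real token would end up in the HelmChart object and in version control; add a comment saying the all-zero value is a placeholder to be supplied at deploy time. Neither HelmChart sets `spec.version`, so the cluster installs whatever chart version the repo currently serves; pinning it makes the deployment reproducible and reviewable.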
diff --git a/deploy/k3s/sck.yaml b/deploy/k3s/sck.yaml
new file mode 100644
index 0000000000..8f9512fe48
--- /dev/null
+++ b/deploy/k3s/sck.yaml
@@ -0,0 +1,132 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: sck
+ namespace: sck
+name: sck
+spec:
+ chart: splunk-connect-for-kubernetes
+ repo: https://splunk.github.io/splunk-connect-for-kubernetes
+ targetNamespace: sck
+ valuesContent: |-
+ #global settings
+ global:
+ logLevel: info
+ splunk:
+ hec:
+ protocol: https
+ insecureSSL: true
+ host: "10.202.35.120"
+ token: "00000000-0000-0000-0000-000000000000"
+ port: 8088
+ kubernetes:
+ clusterName: "sc4s-edge"
+
+ #local config for logging chart
+ splunk-kubernetes-logging:
+ # Enable chart
+ enabled: true
+ # Determine logging level per chart
+ logLevel: info
+ containers:
+ logFormatType: cri
+ logFormat: "%Y-%m-%dT%H:%M:%S.%N%:z"
+ # Filter on Namespace to reduce log noise from all namespaces
+ fluentd:
+ path: "/var/log/containers/*_sc4snmp_*.log,/var/log/containers/*_sck_*.log"
+ kubernetes:
+ securityContext: true
+ # Set journald path. Update to reflect MicroK8s systemd services. See MicroK8s Docs.
+ journalLogPath: /var/log/journal
+ # Review flush intervals for Splunk Cloud vs Self-Managed back off timers
+ buffer:
+ "@type": memory
+ total_limit_size: 600m
+ chunk_limit_size: 10m
+ chunk_limit_records: 100000
+ flush_interval: 5s
+ flush_thread_count: 1
+ overflow_action: block
+ retry_max_times: 10
+ retry_type: periodic
+ k8sMetadata:
+ # Pod labels to collect
+ podLabels:
+ - app
+ - k8s-app
+ - release
+ - environment
+ - tier
+ # In case snmp prefix is useful or if you want to remove "kube"
+ sourcetypePrefix: "kube"
+ splunk:
+ hec:
+ indexName: em_events
+ logs:
+ sck:
+ from:
+ pod: sck-splunk-kubernetes-
+ container: splunk-fluentd-k8s-
+ multiline:
+ firstline: /^\d{4}-\d{2}-\d{2}\s\d{2}\:\d{2}\:\d{2}\s\+\d{4}\s\[\w+\]\:/
+ separator: "\n"
+ flushInterval: 5
+
+ #local config for objects chart
+ splunk-kubernetes-objects:
+ # enable or diable objects
+ enabled: true
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name: splunk-kubernetes-objects
+ kubernetes:
+ insecureSSL: true
+ objects:
+ core:
+ v1:
+ - name: pods
+ - name: namespaces
+ - name: component_statuses
+ - name: nodes
+ - name: services
+ - name: events
+ mode: watch
+ splunk:
+ hec:
+ indexName: em_meta
+
+ #local config for metrics chart
+ splunk-kubernetes-metrics:
+ # enable or disbale metrics
+ enabled: true
+ metricsInterval: 60s
+ kubernetes:
+ kubeletPort: 10255
+ kubeletPortAggregator: 10250
+ useRestClientSSL: false
+ insecureSSL: true
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name: splunk-kubernetes-metrics
+ splunk:
+ hec:
+ indexName: em_metrics
+ customFilters:
+ node:
+ tag: "kube.node.**"
+ type: record_modifier
+ body: |-
+
+ entity_type k8s_node
+
+ pod:
+ tag: "kube.pod.**"
+ type: record_modifier
+ body: |-
+
+ entity_type k8s_pod
+
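Review bot: The metrics section points at the kubelet with `kubeletPort: 10255` and `useRestClientSSL: false`, which appears to mean plain HTTP to the kubelet read-only port and requires that unauthenticated port to stay enabled on every node. The file already names `kubeletPortAggregator: 10250`; prefer `kubeletPort: 10250` with `useRestClientSSL: true`, so that the service account created here is what authorises the scrape. `insecureSSL: true` under `kubernetes:` in both the objects and metrics sections also disables certificate verification towards the cluster endpoints. Set it to `false` unless the serving certificates genuinely cannot be validated with the in-cluster CA, and record the reason in a comment if it has to stay.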