Operating Systems
Linux
We recommend using your preferred log forwarding agent, such as Vector (journald source), OpenTelemetry Collector (journald receiver), Fluent Bit (systemd or kmsg inputs), Filebeat (journald input), or Grafana Alloy (journal source).
Each of these log forwarding agents has robust support for forwarding kernel logs and other files you want to ship.
Windows
We recommend using OpenTelemetry Collector to ship Windows event logs and log files to SparkLogs. We recommend the MSI installer of the contrib distribution of the collector, which automatically installs the collector as a Windows service. You can then customize C:\Program Files\OpenTelemetry Collector\config.yaml as desired and restart the service.
Example OpenTelemetry Collector configuration template for Windows
OpenTelemetry Collector is fast and efficient for reading Windows event logs and local log files.
Make sure to replace the <REGION>, <AGENT-ID>, and <AGENT-ACCESS-TOKEN> placeholders in the template below with your own values.
Here is an example to ship the application, system, and security Windows event logs.
extensions:
  health_check:
    endpoint: 127.0.0.1:13133
receivers:
  windowseventlog/application:
    channel: application
  windowseventlog/system:
    channel: system
  windowseventlog/security:
    channel: security
    
processors:
  # Add host system information to events (hostname, etc.)
  resourcedetection:
    detectors: [system]
    system:
      hostname_sources: ["os"]
  # Tune for SparkLogs
  batch:
    send_batch_size: 2000
    send_batch_max_size: 5000
    timeout: 5s
exporters:
  debug:
    verbosity: basic
  elasticsearch/sparklogs:
    endpoints: ["https://es8.ingest-<REGION>.engine.sparklogs.app/"]
    logs_index: otel-logs
    user: "<AGENT-ID>"
    password: "<AGENT-ACCESS-TOKEN>"
    timeout: 90s
service:
  pipelines:
    logs:
      receivers: [windowseventlog/application, windowseventlog/system, windowseventlog/security]
      processors: [resourcedetection, batch]
      exporters: [elasticsearch/sparklogs]
  telemetry:
    metrics:
      level: detailed
      readers:
        - pull:
            exporter:
              prometheus:
                host: 127.0.0.1
                port: 8888
  extensions: [health_check]
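A post-install check for the template above, added here as an example (it is not part of the SparkLogs docs or of the OpenTelemetry project). It assumes an elevated PowerShell session, the config path and endpoints from the template, and that the contrib MSI registered the service as otelcol-contrib (an assumption; pass -ServiceName if yours differs).

```powershell
# Added example, not from the SparkLogs docs or the OpenTelemetry project.
# Assumptions: elevated session; service name "otelcol-contrib" (assumed);
# health_check on 127.0.0.1:13133 and Prometheus metrics on 127.0.0.1:8888 as in the template.
param(
    [string]$ConfigPath  = 'C:\Program Files\OpenTelemetry Collector\config.yaml',
    [string]$ServiceName = 'otelcol-contrib',
    [string]$HealthUrl   = 'http://127.0.0.1:13133/',
    [string]$MetricsUrl  = 'http://127.0.0.1:8888/metrics'
)
$ErrorActionPreference = 'Stop'

# 1. Refuse to continue while any <PLACEHOLDER> from the template is still present;
#    a collector started with a literal "<REGION>" endpoint simply fails to export.
$config   = Get-Content -Path $ConfigPath -Raw
$leftover = [regex]::Matches($config, '<[A-Z_-]+>') | ForEach-Object { $_.Value } | Sort-Object -Unique
if ($leftover) { throw "Unreplaced placeholders in ${ConfigPath}: $($leftover -join ', ')" }

# 2. The file holds the agent access token in clear text: drop inherited ACEs and
#    grant access only to SYSTEM (the service account) and Administrators.
$acl = Get-Acl -Path $ConfigPath
$acl.SetAccessRuleProtection($true, $false)
$acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }
foreach ($id in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')))
}
Set-Acl -Path $ConfigPath -AclObject $acl

# 3. Restart the service so the edited config is loaded, then wait for the
#    health_check extension to answer 200 on its endpoint.
Restart-Service -Name $ServiceName
$healthy = $false
for ($i = 0; $i -lt 15 -and -not $healthy; $i++) {
    Start-Sleep -Seconds 2
    try { $healthy = (Invoke-WebRequest -Uri $HealthUrl -UseBasicParsing).StatusCode -eq 200 } catch { }
}
if (-not $healthy) { throw "Collector health check at $HealthUrl did not return 200" }

# 4. Confirm each windowseventlog receiver is actually producing records, using the
#    collector's own accepted-log-records counter. The security channel is the usual
#    one to show zero when the service account cannot read it.
$metrics = (Invoke-WebRequest -Uri $MetricsUrl -UseBasicParsing).Content -split "`n"
foreach ($ch in 'application', 'system', 'security') {
    $line = $metrics | Where-Object { $_ -match "^otelcol_receiver_accepted_log_records.*receiver=`"windowseventlog/$ch`"" } | Select-Object -First 1
    $count = if ($line -and $line -match '\s([0-9.eE+]+)\s*$') { [double]$Matches[1] } else { 0 }
    if ($count -gt 0) { Write-Host "windowseventlog/$ch : $count records accepted" }
    else { Write-Warning "windowseventlog/$ch : no records accepted yet; check the channel is readable by the service account" }
}
```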