Add example showing the OpenTelemetry Collector used to receive Docke…

…r logs (open-telemetry#65)

* Add example showing the OpenTelemetry Collector used to receive Docker logs

* remove the sleep statement since we rely on the ticker

examples/splunk-hec/README.md

@@ -0,0 +1,16 @@
+# Splunk HEC Example
+
+This example showcases how the collector can send data to a Splunk Enterprise deployment over the Docker logging driver.
+
+The example runs as a Docker Compose deployment. The collector can be configured to send logs to Splunk Enterprise.
+
+Splunk is configured to receive data from the OpenTelemetry Collector using the HTTP Event collector. To learn more about HEC, visit [our guide](https://dev.splunk.com/enterprise/docs/dataapps/httpeventcollector/).
+
+To deploy the example, check out this git repository, open a terminal and in this directory type:
+```bash
+$> docker-compose up --build
+```
+
+Splunk will become available on port 18000. You can login on [http://localhost:18000](http://localhost:18000) with `admin` and `changeme`.
+
+Once logged in, visit the [search application](http://localhost:18000/en-US/app/search) to see the logs collected by Splunk.

examples/splunk-hec/docker-compose.yml

@@ -0,0 +1,51 @@
+version: "3"
+services:
+  # Sample Go application producing logs.
+  logging:
+    container_name: logging
+    build:
+      context: logging
+    restart: always
+    logging:
+      driver: "splunk"
+      options:
+        splunk-token: "00000000-0000-0000-0000-0000000000000"
+        splunk-url: "http://localhost:18088"
+        splunk-insecureskipverify: "true"
+        splunk-verify-connection: "false"
+        splunk-format: "json"
+        tag: "{{.Name}}-{{.ID}}"
+        splunk-sourcetype: "docker:orderer"
+        splunk-source: orderer.example.com
+    depends_on:
+      - otelcollector
+  # Splunk Enterprise server:
+  splunk:
+    image: splunk/splunk:latest
+    container_name: splunk
+    environment:
+      - SPLUNK_START_ARGS=--accept-license
+      - SPLUNK_HEC_TOKEN=00000000-0000-0000-0000-0000000000000
+      - SPLUNK_PASSWORD=changeme
+    ports:
+      - 18000:8000
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:8000']
+      interval: 5s
+      timeout: 5s
+      retries: 20
+    volumes:
+      - ./splunk.yml:/tmp/defaults/default.yml
+      - /opt/splunk/var
+      - /opt/splunk/etc
+  # OpenTelemetry Collector
+  otelcollector:
+    image:  otel/opentelemetry-collector-contrib-dev:latest #quay.io/signalfx/splunk-otel-collector:0.4.0
+    container_name: otelcollector
+    command: ["--config=/etc/otel-collector-config.yml", "--log-level=DEBUG"]
+    volumes:
+      - ./otel-collector-config.yml:/etc/otel-collector-config.yml
+    depends_on:
+      - splunk
+    ports:
+      - 18088:8088

examples/splunk-hec/logging/Dockerfile

@@ -0,0 +1,12 @@
+FROM golang:1.14-stretch
+
+WORKDIR /go/src/app
+
+COPY go.mod .
+COPY main.go .
+
+RUN go get
+
+RUN go build
+
+CMD /go/src/app/app

examples/splunk-hec/logging/go.mod

@@ -0,0 +1,8 @@
+module app
+
+go 1.14
+
+require (
+	go.opentelemetry.io/otel v0.15.0
+	go.uber.org/zap v1.16.0
+)

examples/splunk-hec/logging/main.go

@@ -0,0 +1,35 @@
+package main
+
+import (
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"go.uber.org/zap"
+)
+
+
+func main() {
+	logger, _ := zap.NewProduction()
+	defer logger.Sync()
+
+	counter := int64(0)
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
+	ticker := time.NewTicker(1 * time.Second)
+
+	logger.Info("Start logging app")
+	for {
+		select {
+		case <-ticker.C:
+			counter++
+			logger.Info("Logging a line", zap.Int64("counter", counter))
+			break
+		case <-c:
+			ticker.Stop()
+			logger.Info("Stop logging app")
+			return
+		}
+	}
+}

examples/splunk-hec/otel-collector-config.yml

@@ -0,0 +1,43 @@
+receivers:
+    splunk_hec:
+
+exporters:
+    splunk_hec/logs:
+        # Splunk HTTP Event Collector token.
+        token: "00000000-0000-0000-0000-0000000000000"
+        # URL to a Splunk instance to send data to.
+        endpoint: "https://splunk:8088/services/collector"
+        # Optional Splunk source: https://docs.splunk.com/Splexicon:Source
+        source: "app"
+        # Optional Splunk source type: https://docs.splunk.com/Splexicon:Sourcetype
+        sourcetype: "_json"
+        # Splunk index, optional name of the Splunk index targeted.
+        index: "logs"
+        # Maximum HTTP connections to use simultaneously when sending data. Defaults to 100.
+        max_connections: 20
+        # Whether to disable gzip compression over HTTP. Defaults to false.
+        disable_compression: false
+        # HTTP timeout when sending data. Defaults to 10s.
+        timeout: 10s
+        # Whether to skip checking the certificate of the HEC endpoint when sending data over HTTPS. Defaults to false.
+        # For this demo, we use a self-signed certificate on the Splunk docker instance, so this flag is set to true.
+        insecure_skip_verify: true
+
+processors:
+    batch:
+    queued_retry:
+
+extensions:
+    health_check:
+    pprof:
+      endpoint: :1888
+    zpages:
+      endpoint: :55679
+
+service:
+    extensions: [pprof, zpages, health_check]
+    pipelines:
+      logs:
+        receivers: [splunk_hec]
+        processors: [batch]
+        exporters: [splunk_hec/logs]

examples/splunk-hec/splunk.yml

@@ -0,0 +1,11 @@
+splunk:
+    conf:
+      indexes:
+        directory: /opt/splunk/etc/apps/search/local
+        content:
+          logs:
+            coldPath: $SPLUNK_DB/logs/colddb
+            datatype: event
+            homePath: $SPLUNK_DB/logs/db
+            maxTotalDataSizeMB: 512000
+            thawedPath: $SPLUNK_DB/logs/thaweddb