Your Data, Your Choice: Expanding Log Ingestion Options with OpenTelemetry

Platform Courtney Gannon

Key takeaways

  1. Splunk now supports native log ingestion through the OpenTelemetry Collector, making it easier for customers to use modern open standards with the Splunk platform.
  2. This lets organizations use one agent for logs, metrics, and traces instead of multiple tools, simplifying setup and ongoing management.
  3. By adopting an open, vendor-neutral standard, customers gain more flexibility and stronger compatibility, and can focus more on insights than infrastructure.

In the evolving landscape of modern IT, OpenTelemetry (OTel) has emerged as the gold standard for collecting traces, metrics, and logs. While the industry has moved rapidly toward these open-source standards, customers have found themselves at a crossroads when trying to integrate these standards with their existing Splunk platform.

The Challenge: Fragmented Data Ingestion

For some enterprise customers, the journey to full OpenTelemetry adoption has been met with a significant hurdle. Until now, Splunk’s support for sending data from the OpenTelemetry Collector to the Splunk Platform was largely limited to specific Kubernetes use cases.

This limitation created a fragmented experience. Customers often had to manage different agents for different environments, leading to increased architectural complexity and a lack of consistency across their observability pipeline. Despite these hurdles, the demand for OTel is undeniable—in fact, some Splunk Cloud customers have already started to adopt OpenTelemetry for logs ingestion on their own.

The Solution: Native Logs Ingestion via the OpenTelemetry Collector

To meet growing demand and simplify the user experience, we are excited to launch native logs ingestion for the Splunk Platform over OTLP, using the Splunk Distribution of the OpenTelemetry Collector.

By providing full support for the OpenTelemetry Collector for log ingestion, Splunk is enabling a unified, standard agent for all environments and deployment models. This feature aligns Splunk’s offerings with global industry standards and provides a single path for data, regardless of whether your infrastructure is on-premises or in the cloud.

How This Benefits Splunk Customers

For customers working to standardize on OpenTelemetry, the shift to native logs ingestion offers three primary advantages:

1. Industry Standardization and Future-Proofing

Interoperability: OTLP is an open, vendor-neutral protocol. This ensures seamless integration with modern observability tools and ecosystems.

Reduced Vendor Lock-in: By adopting an open standard, you reduce the risk of being tied to a single vendor's proprietary agent, ensuring your architecture remains compatible with evolving best practices.

2. Unified and Simplified Data Collection

A Single Agent: You can now deploy the OpenTelemetry Collector as your primary agent, eliminating the need for additional agents like the Universal Forwarder. This significantly simplifies your system architecture.

Consistency: With one agent handling traces, metrics, and logs, your data collection becomes standardized, making deployment and ongoing management much easier for operations teams.

3. Enhanced Observability Features

Field Extraction: The Collector can pre-process logs, structuring data for downstream use (e.g., Splunk Enterprise Security) and improving log analytics efficiency.

Looking Ahead

Native OpenTelemetry log ingestion is more than just a technical update; it is a commitment to providing Splunk customers with the flexibility and standardization required for the modern era of observability. By simplifying the ingestion pipeline, we are helping you focus less on managing agents and more on gaining insights from your data.

If you want to download this and try it today, you can find more information here.
