15 Jul 2025 07:13 PM
Looking to understand the integration patterns for receiving data (metrics, logs) from Splunk and incorporating into Dynatrace dashboards.
15 Jul 2025 10:20 PM
Hi @dsteinbrick, there is no direct integration, and it's going to be messy either way.
Realistically this needs to be done at the collection point rather than export - especially for the big 3 metrics, logs and traces.
For this I'd suggest option 2 - it will just make life so much easier.
Last time I checked, Splunk only had minimal capabilities for streaming data as an export to 3rd parties. Maybe there is something on Splunkbase that could do this. There is a Dynatrace add-on that can send metrics, problems, etc. to Splunk (it does not cover logs or traces).
If you're after events only, then this is easy: a standard search query with an alert, and use option 1 or the Events API as an endpoint for the alert to send to. You could possibly extend this to certain scheduled searches.
For the big 3:
1. Use OpenPipeline (Dynatrace Docs) to ingest data and export from Splunk (you'll need to figure that part out).
2. Add a Dynatrace exporter to the Splunk OTel Collector (I'm assuming you are using this since you mentioned Splunk Observability). You can dual stream to both Dynatrace and Splunk. The benefit here is that you get raw data and it's going to be able to be used directly in Dynatrace.
e.g.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: otel-collector-config
  namespace: observability
  labels:
    app: otel-collector
data:
  otel-collector-config.yaml: |
    receivers:
      # The OTLP receiver is named "otlp"; HTTP is enabled under protocols.
      otlp:
        protocols:
          http:
            endpoint: 0.0.0.0:4318
    exporters:
      splunk_hec:
        # Placeholder. Prefer ${env:VAR} fed from a Kubernetes Secret over a
        # token stored in the ConfigMap itself.
        token: "<your-splunk-hec-token>"
        endpoint: "https://<your-splunk-hec-endpoint>"
        source: "otel"
        sourcetype: "_json"
        index: "main"
        disable_compression: false
        max_connections: 20
        timeout: 10s
      # The /api/v2/otlp endpoint is reached with the otlphttp exporter;
      # the API token is sent in the Authorization header.
      otlphttp/dynatrace:
        endpoint: "https://<your-dynatrace-endpoint>/api/v2/otlp"
        headers:
          Authorization: "Api-Token <your-dynatrace-api-token>"
        tls:
          insecure: false
    processors:
      batch:
        timeout: 5s
        send_batch_size: 512
    service:
      pipelines:
        traces:
          receivers: [otlp]
          processors: [batch]
          exporters: [splunk_hec, otlphttp/dynatrace]
        metrics:
          receivers: [otlp]
          processors: [batch]
          exporters: [splunk_hec, otlphttp/dynatrace]
        logs:
          receivers: [otlp]
          processors: [batch]
          exporters: [splunk_hec, otlphttp/dynatrace]
```
If you're not using the Splunk OTel Collector, you could also possibly try and fudge a heavy forwarder to send to OpenPipeline by using the HEC configuration.
Be the guinea pig 😀
Enjoy
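
For the events-only route mentioned in the answer above, this is an added example (not part of the original thread) that maps the JSON body of a Splunk webhook alert action onto a Dynatrace Events API v2 ingest request. The function names, the field allow-list, the host name and the sample alert are assumptions constructed for illustration; the request is built but not sent.

```python
import json
import os
import urllib.request

# Assumption: only these Splunk result fields may leave Splunk; the rest (e.g. _raw) is dropped.
ALLOWED_RESULT_FIELDS = {"host", "sourcetype", "count", "severity"}

def splunk_alert_to_dt_event(alert: dict, event_type: str = "CUSTOM_INFO") -> dict:
    """Map a Splunk webhook alert payload to an Events API v2 ingest body."""
    result = alert.get("result") or {}
    props = {f"splunk.result.{k}": str(v)[:256]
             for k, v in result.items() if k in ALLOWED_RESULT_FIELDS}
    for key in ("sid", "app", "owner", "results_link"):
        if alert.get(key):
            props[f"splunk.{key}"] = str(alert[key])
    return {
        "eventType": event_type,
        "title": f"Splunk alert: {alert.get('search_name') or 'unnamed search'}",
        "properties": props,
    }

def build_ingest_request(base_url: str, event: dict) -> urllib.request.Request:
    """Build (not send) the POST; the token is read from the environment."""
    if not base_url.startswith("https://"):
        raise ValueError("Dynatrace endpoint must use https")
    token = os.environ["DT_API_TOKEN"]  # needs only the events.ingest scope
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v2/events/ingest",
        data=json.dumps(event).encode(),
        headers={"Authorization": f"Api-Token {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )

# Constructed sample of the body a Splunk webhook alert action posts.
SAMPLE_ALERT = {
    "sid": "scheduler_admin_search_W2_at_1423235600_132",
    "search_name": "Failed logins over threshold",
    "app": "search",
    "owner": "admin",
    "results_link": "https://splunk.example.invalid:8000/app/search/@go?sid=scheduler_admin_search_W2_at_1423235600_132",
    "result": {"host": "web-01", "count": "8", "_raw": "user=alice src=10.0.0.5 action=failure"},
}

if __name__ == "__main__":
    os.environ.setdefault("DT_API_TOKEN", "PLACEHOLDER-TOKEN")  # placeholder, not a real token
    event = splunk_alert_to_dt_event(SAMPLE_ALERT)
    req = build_ingest_request("https://dynatrace.example.invalid", event)  # placeholder host
    print(req.get_method(), req.full_url, json.dumps(event, indent=2))
```

The allow-list keeps raw log content from being copied into a second platform by default; widen it only for fields that are meant to be shared.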