Akamai Splunk SIEM Connector On Kubernetes

A client who uses Akamai for their edge security wanted to download logs and events into Splunk for analysis and machine learning as they built new data models.

Akamai offers a SIEM Splunk connector

It was supposed to be easy to set up, and it was, once we figured out how to get it installed on a standalone Splunk instance on our self-managed Kubernetes cluster :)

Deploying a standalone Splunk instance was simple, but once we configured and enabled the connector, all we got was errors inside Splunk and no imported data.

The first challenge was identifying that this connector does not support OpenJDK; I had to use JRE.

That challenge was resolved, but we were still getting errors.

After much head scratching and Googling, we finally identified that no CPU limit had been set on the Kubernetes pod. Once we set a CPU limit on the pod, the connector came up right away.

Here is the working deployment yaml

Here is the service yaml
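The post's own deployment and service manifests are not reproduced on this page. The following is an added example written for this edit, not the author's YAML: a standalone Splunk Deployment plus a ClusterIP Service, with the one setting the post identifies as the fix, a CPU limit under `resources.limits`, called out in a comment. The image name is a placeholder for a Splunk build that has a non-OpenJDK JRE installed (the post's first finding); the namespace, labels, port names, Secret name and the CPU/memory figures are illustrative assumptions and should be sized for your own cluster. The `SPLUNK_START_ARGS` and `SPLUNK_PASSWORD` variables are the ones the public `splunk/splunk` container image reads; if your image differs, adjust them.

```yaml
# Added example (not the post's manifests). Assumptions, labelled inline:
# - image is a placeholder for a Splunk build carrying a non-OpenJDK JRE
# - namespace, labels, Secret name and resource figures are illustrative
apiVersion: apps/v1
kind: Deployment
metadata:
  name: splunk-standalone
  namespace: splunk            # assumed namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: splunk-standalone
  template:
    metadata:
      labels:
        app: splunk-standalone
    spec:
      containers:
        - name: splunk
          image: registry.example.com/splunk-with-jre:latest   # placeholder image
          env:
            - name: SPLUNK_START_ARGS
              value: "--accept-license"
            - name: SPLUNK_PASSWORD
              valueFrom:
                secretKeyRef:        # keep the admin password out of the manifest
                  name: splunk-admin # assumed Secret name
                  key: password
          ports:
            - name: web
              containerPort: 8000   # Splunk Web
            - name: mgmt
              containerPort: 8089   # management / REST port
            - name: s2s
              containerPort: 9997   # forwarder receiving port
          resources:
            requests:
              cpu: "2"
              memory: 4Gi
            limits:
              # This is the setting the post found missing. With no limits.cpu
              # on the pod the connector only produced errors; with one set it
              # started cleanly. Figures are illustrative.
              cpu: "4"
              memory: 8Gi
---
apiVersion: v1
kind: Service
metadata:
  name: splunk-standalone
  namespace: splunk
spec:
  type: ClusterIP
  selector:
    app: splunk-standalone
  ports:
    - name: web
      port: 8000
      targetPort: web
    - name: mgmt
      port: 8089
      targetPort: mgmt
    - name: s2s
      port: 9997
      targetPort: s2s
```

Apply both objects with `kubectl apply -f <file>` and confirm the limit actually landed on the running pod with `kubectl get pod -n splunk -o jsonpath='{.items[*].spec.containers[*].resources.limits.cpu}'`; an empty result means the pod is still running without a CPU limit. Set the limit high enough for the JVM the connector runs in: a limit that is present but too small trades the startup failure described above for CPU throttling and slow event ingestion.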

I hope this helps someone else experiencing the same challenges.

Principal Site Reliability Engineer. Cyber Security Professional. Technologist. Leader.
