Splunk Introduces OpenTelemetry eBPF Instrumentation and Kubernetes Operator at KubeCon EU 2026
Why It Matters
Zero‑code kernel telemetry and native Kubernetes management lower operational overhead while expanding real‑time observability, giving enterprises a competitive edge in cloud‑native monitoring.
Key Takeaways
- OBI provides zero‑code telemetry directly from the Linux kernel.
- Splunk Operator auto‑scales indexers via Horizontal Pod Autoscaler.
- Unified OpenTelemetry Collector now ingests logs, eliminating extra agents.
- Monitoring shows YAML drift and HPA health in real time.
Pulse Analysis
Splunk’s OpenTelemetry eBPF Instrumentation (OBI) marks a shift toward kernel‑level observability that requires no code changes. By leveraging eBPF, OBI taps directly into the Linux kernel to emit distributed traces and RED (rate, errors, duration) metrics, covering languages such as Go, Rust, C++ and even legacy binaries. This zero‑code approach solves a long‑standing pain point for teams operating large Kubernetes clusters where manual instrumentation is impractical. The integration with existing OpenTelemetry SDKs ensures data consistency while avoiding duplicate signals, giving operators a more complete view of application performance.
The Splunk Operator for Kubernetes, now generally available, brings native, declarative management of Splunk Enterprise to cloud‑native environments. It automatically provisions indexer pods and ties scaling decisions to Horizontal Pod Autoscaler metrics, expanding capacity as CPU usage rises. Pod Disruption Budgets safeguard continuity during node maintenance, reducing downtime risk for critical log and metric pipelines. By embedding these controls in Kubernetes manifests, enterprises can treat Splunk as a first‑class service, simplifying operations and aligning observability infrastructure with existing DevOps workflows.
Complementing the instrumentation advances, Splunk’s beta support for log ingestion via the OpenTelemetry Protocol consolidates traces, metrics and logs into a single Collector agent. This eliminates the need for the traditional Universal Forwarder, cutting deployment complexity and licensing overhead. The broader monitoring suite now surfaces configuration drift by parsing YAML manifests and provides real‑time health checks for Horizontal Pod Autoscalers. Together, these capabilities position Splunk as a unified observability platform that aligns with the industry’s move toward open standards and reduces the operational burden of multi‑tool stacks.