https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336697#M62194 <P>What I am noticing is that I get the migration warning and then configuration doesn't seem to set. I'm literally using the docker container, but I've had to convert it to a docker-compose v3. I'm able to get that working independately, but when integrating it into my version, it seems to fail.</P> Tue, 06 Jun 2017 17:45:00 GMT stringa 2017-06-06T17:45:00Z https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336694#M62191 <P>I had this working at some point, but I am not able to get any of the commands to run after the universal forwarder starts up. At one point, I was able to see it add directories, but now I'm not sure what is wrong with my configuration that doesn't allow it to start run the startup commands</P> <PRE><CODE> vsplunk_uf: container_name: vsplunk_uf image: busybox volumes: - splunk-etc:/opt/splunk/etc - splunk-var:/opt/splunk/var splunkuniversalforwarder: image: splunk/universalforwarder:latest hostname: splunkuniversalforwarder environment: SPLUNK_START_ARGS: --accept-license --answer-yes SPLUNK_USER: root SPLUNK_CMD: 'add monitor -source /usr/local/localrw/logs/webrtc/* -index webrtc -sourcetype signaler' volumes: - /var/lib/docker/containers:/host/containers:ro - /var/run/docker.sock:/var/run/docker.sock:ro - splunk-etc:/opt/splunk/etc - splunk-var:/opt/splunk/var - signaler-logs:/usr/local/localrw/logs/webrtc - kms-logs:/var/log/kurento-media-server/ depends_on: - webrtc.server.1 - kms.1 - vsplunk_uf </CODE></PRE> <P>I am seeing the server logs stop here:</P> <PRE><CODE>splunkuniversalforwarder_1 | Checking conf files for problems... splunkuniversalforwarder_1 | Done splunkuniversalforwarder_1 | Checking default conf files for edits... splunkuniversalforwarder_1 | Validating installed files against hashes from '/opt/splunk/splunkforwarder-6.5.3-36937ad027d4-linux-2.6-x86_64-manifest' splunkuniversalforwarder_1 | All installed files intact. splunkuniversalforwarder_1 | Done splunkuniversalforwarder_1 | All preliminary checks passed. splunkuniversalforwarder_1 | splunkuniversalforwarder_1 | Starting splunk server daemon (splunkd)... splunkuniversalforwarder_1 | Done splunkuniversalforwarder_1 | </CODE></PRE> <P>And when I try to run: docker exec webrtcserver_splunkuniversalforwarder_1 entrypoint.sh splunk list monitor</P> <PRE><CODE>Authentication needed, run "splunk login" </CODE></PRE> <P>I've seen this run successfully, but I'm not sure what I'm doing wrong at this point and why it doesn't seem to be running the commands setup in the environment variables.</P> <P>Thanks for any tips</P> Tue, 29 Sep 2020 14:22:53 GMT https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336694#M62191 stringa 2020-09-29T14:22:53Z https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336695#M62192 <P>I won't do inputs as SPLUNK_CMD, but rather I will put them into an app (eg my_collection_app).<BR /> then I would do </P> <PRE><CODE>docker cp &lt;your_host&gt; &lt;uf_container_etc_apps&gt; # also permissions etc. </CODE></PRE> <P>(or manage using deployment-server)</P> <P>This way you can retain the purity of your docker image, but all other configurations managed from a central Repository location.</P> Tue, 29 Sep 2020 14:19:02 GMT https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336695#M62192 koshyk 2020-09-29T14:19:02Z https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336696#M62193 <P>I've noticed that I am getting a migration warning in my configuration and when I run a stripped down example, I am not getting that warning. </P> <P>What I am seeing in mine:</P> <PRE><CODE>This appears to be an upgrade of Splunk. </CODE></PRE> <P>I imagine if I can get rid of this warning it will work.</P> Tue, 06 Jun 2017 16:38:26 GMT https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336696#M62193 stringa 2017-06-06T16:38:26Z https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336697#M62194 <P>What I am noticing is that I get the migration warning and then configuration doesn't seem to set. I'm literally using the docker container, but I've had to convert it to a docker-compose v3. I'm able to get that working independately, but when integrating it into my version, it seems to fail.</P> Tue, 06 Jun 2017 17:45:00 GMT https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336697#M62194 stringa 2017-06-06T17:45:00Z https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336698#M62195 <P>hmm..very specific.<BR /> do you use just dockerfile or docker-compose? I used docker-compose and was very smooth</P> Wed, 07 Jun 2017 06:13:44 GMT https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336698#M62195 koshyk 2017-06-07T06:13:44Z https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336699#M62196 <P>It ended up being a problem with docker sharing volumes. As I was running all my tests, the volumes were not going away and just caused some problems.</P> <P>I ended up aborting on trying to get the Universal Forwarder working in our environment since I would have to build a new custom docker container to handle setting up proper SSL certs, and I've moved to using a Splunk docker log driver.</P> Wed, 07 Jun 2017 16:11:51 GMT https://community.splunk.com/t5/Getting-Data-In/Struggling-with-universal-forwarder-docker-container/m-p/336699#M62196 stringa 2017-06-07T16:11:51Z