All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Collectd Docker Plugin for Splunk App Infrastructre is not working

drmeddenrasen
Explorer
‎11-27-2019 01:33 AM

Hello Everybody,
i want to monitor my docker containers with collectd and the Splunk infrastructure App, I followed the instructions of https://docs.splunk.com/Documentation/InfraApp/latest/Admin/ManageAgents, but when I want to start the collect deamon it comes up with these error Messages:

docker plugin: Buffer size is 16384, Data received=16384. Increase ReadBufferSize
docker plugin: curl_easy_perform failed with status 23: Failed writing received data to disk/application
docker plugin: Failed to get list of running containers

The Connection to my Splunk Server via hec is working fine, because i get the metrics of my physical machine, but not of these Docker containers. My Docker containers are running and i have checked the Docker.sock file with curl.

I am working on that problem for 2 days now. Would be great if anyone could help.

Best regards
Jannik

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mpise_splunk
Splunk Employee
Splunk Employee
‎11-27-2019 08:23 AM

Please add/increase ReadBufferSize in docker stanza in file /etc/collectd/collectd.conf on docker host.
example,
```

       dockersock "/var/run/docker.sock"
       apiversion "v1.20"
       **ReadBufferSize 32000**

```
You may have tune this value depending on the number of docker containers on your host.

View solution in original post

Reply
Solved! Jump to solution

drmeddenrasen
Explorer
‎12-04-2019 01:12 AM

I have antother question regarding this topic. At the Moment I can see only Docker Containers by ID and not by Name. Is there any possibilty to switch this? I tried it with lookup files, but it is not working with metrics.

Best regards
Jannik

Reply
Solved! Jump to solution

drmeddenrasen
Explorer
‎11-27-2019 10:03 AM

OHH my god it works fine!!! Thanks a lot!!! 🙂

0 Karma
Reply
Solved! Jump to solution
Solution

mpise_splunk
Splunk Employee
Splunk Employee
‎11-27-2019 08:23 AM

Please add/increase ReadBufferSize in docker stanza in file /etc/collectd/collectd.conf on docker host.
example,
```

       dockersock "/var/run/docker.sock"
       apiversion "v1.20"
       **ReadBufferSize 32000**

```
You may have tune this value depending on the number of docker containers on your host.

Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...