Reduce/limit Docker container logs

Sukisen1981
Champion

We are monitoring Docker container logs in Splunk through a forwarder. Now, it does look like we are ingesting a lot of unnecessary stuff, and the log volumes are in serious danger of tipping our daily license limits.
I am looking for some suggestions from forum members who have trimmed Docker container logs. There are 2 options possible here: truncate/trim logs on the Docker side, or blacklist something on the Splunk side.
For example, this:
[image]

If you look at the message fields, the message does not show any useful information. Has anyone worked on something similar and can suggest some string/pattern which we can blacklist, or some trimming to do at the Docker container level?

0 Karma