All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

reduce /limit docker container logs

Sukisen1981
Champion
‎09-10-2019 12:54 AM

We are monitoring docker container logs in splunk through forwarder. Now, it does look like we are ingesting a lot of unnecessary stuff and the log volumes are in serious danger of tipping our daily license limits.
I am looking for some suggestions from forum members who have trimmed docker container logs. There are 2 options possible here - truncate/trim logs at the docker side or balcklist something at the splunk side.
for example this
alt text

if you look at the message fields , the message does not show any useful information. Has anyone worked on something similar and can suggest some string / pattern which we can blacklist or do some trimming at the docker container level?

Preview file
1 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 1 release of new security content via the ...

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...