We are monitoring docker container logs in splunk through forwarder. Now, it does look like we are ingesting a lot of unnecessary stuff and the log volumes are in serious danger of tipping our daily license limits.
I am looking for some suggestions from forum members who have trimmed docker container logs. There are 2 options possible here - truncate/trim logs at the docker side or balcklist something at the splunk side.
for example this
if you look at the message fields , the message does not show any useful information. Has anyone worked on something similar and can suggest some string / pattern which we can blacklist or do some trimming at the docker container level?