All Apps and Add-ons

reduce /limit docker container logs


We are monitoring docker container logs in splunk through forwarder. Now, it does look like we are ingesting a lot of unnecessary stuff and the log volumes are in serious danger of tipping our daily license limits.
I am looking for some suggestions from forum members who have trimmed docker container logs. There are 2 options possible here - truncate/trim logs at the docker side or balcklist something at the splunk side.
for example this
alt text

if you look at the message fields , the message does not show any useful information. Has anyone worked on something similar and can suggest some string / pattern which we can blacklist or do some trimming at the docker container level?

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>