Archive

splunk logging driver for docker

vvelpuri
Explorer

Hi i am trying to run docker with splunk logging driver . I am using splunk cloud managed service . I am receiving the below error any time did you face this error.

$sudo docker run --publish 80:80 --log-driver=splunk --log-opt splunk-token=xxxxxxxxxxx --log-opt splunk-url=https://http-inputs-ccccccc.splunkcloud.com/services/collector/event:8088 --log-opt splunk-insecureskipverify=true nginx

docker: Error response from daemon: Failed to initialize logging driver: splunk: expected format schema://dns_name_or_ip:port for splunk-url.

Tags (1)

vvelpuri
Explorer

hpant if the splunk url is not working then it shutdowns the docker daemon itself we faced this issue , hence we avoided using this.

0 Karma

hpant
New Member

Any Help from Splunk team on above issue?
i am able to send logs using curl command but not docker run.

0 Karma

hpant
New Member

We are using splunk collector configured with URL "https://splunk-ec.test.xyz.com:8088/services/collector/event" and i am able to send log using curl command but getting below same error when i used docker run with same url.

docker: Error response from daemon: Failed to initialize logging driver: splunk: expected format scheme://dns_name_or_ip:port for splunk-url.

if i removed "/services/collector/event" from url it is not working.
Does splunk collector automatically send request to "/services/collector/event" end point ? ,,our splunk even collector url path is like "https://splunk-ec.test.XYZ.com:8088/services/collector/event", but when i try to run docker run command with same URL, i am also getting same error message

docker: Error response from daemon: Failed to initialize logging driver: splunk: expected format scheme://dns_name_or_ip:port for splunk-url.

i am able to send event log using curl command with same URL. I doubt removing "/services/collector/event" from url will work?
does splunk event collector automatically add "/services/collector/event"?

0 Karma

barona
Explorer

Try to change the url to format --log-opt splunk-url=https://input-ccccccc.splunkcloud.com:8088. I'm afraid though that the docker splunk logging driver isn't working at the moment - you'll probably get handshake failure error. Splunk has said that they are working on the problem but I have no clue when the fix should be coming.

0 Karma