Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Failed to receive logs from Docker with Splunk Logging Driver

xzou_splunk
Splunk Employee
Splunk Employee
‎09-14-2019 08:01 PM

Hi all,

I followed the instruction in https://github.com/splunk/docker-logging-plugin to install the log driver, and also setup the HEC in Splunk.
Tried following:
1. docker run --publish 4000:80 --log-driver=splunk-logging-plugin --log-opt splunk-token=xxxxx --log-opt splunk-url=https://127.0.0.1:8088 xxxx; No logs in Splunk
2. Change docker daemon as
{
"debug" : true,
"experimental" : false,
"log-driver": "splunk-logging-plugin",
"log-opts": {
"splunk-token": "xxxxxx",
"splunk-url": "https://127.0.0.1:8088",
"splunk-insecureskipverify": "true"
}
}
No logs in Splunk
3. curl -k https://127.0.0.1:8088/services/collector/event -H "Authorization: Splunk xxxxxx" -d '{"event": "hello world"}'
Receive return meg: {"text": "Success", "code": 0}, and got logs in Splunk

Any advice where is the problem or how should I debug this?

Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...