Failed to receive logs from Docker with Splunk Log...

Getting Data In

Hi all,

I followed the instruction in https://github.com/splunk/docker-logging-plugin to install the log driver, and also setup the HEC in Splunk.
Tried following:
1. docker run --publish 4000:80 --log-driver=splunk-logging-plugin --log-opt splunk-token=xxxxx --log-opt splunk-url=https://127.0.0.1:8088 xxxx; No logs in Splunk
2. Change docker daemon as
{
"debug" : true,
"experimental" : false,
"log-driver": "splunk-logging-plugin",
"log-opts": {
"splunk-token": "xxxxxx",
"splunk-url": "https://127.0.0.1:8088",
"splunk-insecureskipverify": "true"
}
}
No logs in Splunk
3. curl -k https://127.0.0.1:8088/services/collector/event -H "Authorization: Splunk xxxxxx" -d '{"event": "hello world"}'
Receive return meg: {"text": "Success", "code": 0}, and got logs in Splunk

Any advice where is the problem or how should I debug this?

Thanks.

Get Updates on the Splunk Community!

Failed to receive logs from Docker with Splunk Logging Driver

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation