I have the Docker Splunk driver running, but why a...

netadmin77 · ‎07-19-2016

I finally have the Splunk driver running successfully. At least I think so as it is not producing any errors.
Only... I go to my Splunk server and I see that it is not collecting any events. Since I am not getting any errors, I can't tell what I am missing. Please help!

Working docker run command below.

docker run -d --name ${CONTAINER_NAME} --log-driver=splunk  -p 8088:8088 -p 80:7385 \
--log-opt splunk-url=http://xx.xxx.x.xxx:8088 \
--log-opt splunk-token=58D4782B-XXXX-4884-XXXX-D6C58DB1335F \
--log-opt splunk-source=/opt/jboss/wildfly/standalone/log/server.log \
--log-opt splunk-insecureskipverify=true \

itradeclayton · ‎02-28-2018

Not sure this applies to you anymore, but I also noticed while setting this stuff up myself recently that in Splunk when you configure the HEC token, you need to go back into that configuration area and there's a "global" token setting that is set to disabled. You have to enable it.

gjanders · ‎08-10-2016

Have you turned on indexer acknowledgement on the data input for the HTTP event collector?
I found the docker driver only works with indexer acknowledgement turned off, otherwise it silently fails...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

I have the Docker Splunk driver running, but why are no events being collected?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms