
I have the Docker Splunk driver running, but why are no events being collected?

New Member

I finally have the Splunk driver running successfully. At least I think so as it is not producing any errors.
Only... I go to my Splunk server and I see that it is not collecting any events. Since I am not getting any errors, I can't tell what I am missing. Please help!

Working docker run command below.

docker run -d --name ${CONTAINER_NAME} --log-driver=splunk  -p 8088:8088 -p 80:7385 \
--log-opt splunk-url= \
--log-opt splunk-token=58D4782B-XXXX-4884-XXXX-D6C58DB1335F \
--log-opt splunk-source=/opt/jboss/wildfly/standalone/log/server.log \
--log-opt splunk-insecureskipverify=true \
0 Karma

Path Finder

Not sure this applies to you anymore, but I also noticed while setting this stuff up myself recently that in Splunk when you configure the HEC token, you need to go back into that configuration area and there's a "global" token setting that is set to disabled. You have to enable it.

0 Karma


Have you turned on indexer acknowledgement on the data input for the HTTP event collector?
I found the docker driver only works with indexer acknowledgement turned off, otherwise it silently fails...

Alerts for Splunk Admins
Version Control for Splunk
0 Karma
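
The two conditions raised in the replies (the global HEC switch left disabled, and indexer acknowledgement enabled on the token) can be checked offline against the HEC configuration. This is an added example, not code from the thread or from Splunk. It assumes HEC is configured in an inputs.conf with a global `[http]` stanza and per-token `[http://<name>]` stanzas using the `disabled` and `useACK` keys, and that the global stanza counts as disabled when unset; the sample file, stanza name and token are constructed.

```python
import configparser

# Constructed sample inputs.conf; the stanza name and token are placeholders.
SAMPLE_INPUTS_CONF = """
[http]
disabled = 1
port = 8088

[http://docker-logs]
token = 00000000-0000-0000-0000-000000000000
useACK = true
"""


def _is_true(value):
    # Treat 1/true (any case) as enabled; everything else as false.
    return value.strip().lower() in {"1", "true"}


def audit_hec(conf_text):
    """Return findings that would explain events silently not arriving."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case, e.g. useACK
    cp.read_string(conf_text)
    findings = []

    # Global switch: assumed disabled when the stanza or key is missing.
    if not cp.has_section("http") or _is_true(cp["http"].get("disabled", "1")):
        findings.append("[http] global HEC input is disabled")

    # Per-token stanzas are named [http://<name>].
    for section in cp.sections():
        if not section.startswith("http://"):
            continue
        stanza = cp[section]
        if _is_true(stanza.get("disabled", "0")):
            findings.append(f"[{section}] token is disabled")
        if _is_true(stanza.get("useACK", "false")):
            findings.append(f"[{section}] indexer acknowledgement (useACK) is on")
    return findings


if __name__ == "__main__":
    for finding in audit_hec(SAMPLE_INPUTS_CONF):
        print(finding)
```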