
I have the Docker Splunk driver running, but why are no events being collected?

New Member

I finally have the Splunk driver running successfully. At least I think so as it is not producing any errors.
Only... I go to my Splunk server and I see that it is not collecting any events. Since I am not getting any errors, I can't tell what I am missing. Please help!

Working docker run command below.

docker run -d --name ${CONTAINER_NAME} --log-driver=splunk  -p 8088:8088 -p 80:7385 \
--log-opt splunk-url=http://xx.xxx.x.xxx:8088 \
--log-opt splunk-token=58D4782B-XXXX-4884-XXXX-D6C58DB1335F \
--log-opt splunk-source=/opt/jboss/wildfly/standalone/log/server.log \
--log-opt splunk-insecureskipverify=true \
0 Karma

Re: I have the Docker Splunk driver running, but why are no events being collected?

SplunkTrust

Have you turned on indexer acknowledgement on the data input for the HTTP event collector?
I found the docker driver only works with indexer acknowledgement turned off, otherwise it silently fails...

0 Karma

Re: I have the Docker Splunk driver running, but why are no events being collected?

Path Finder

Not sure this applies to you anymore, but I also noticed while setting this stuff up myself recently that in Splunk when you configure the HEC token, you need to go back into that configuration area and there's a "global" token setting that is set to disabled. You have to enable it.

0 Karma
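
Added example, not part of any post in this thread: a shell probe that sends one test event to the HTTP Event Collector without a channel header and turns the reply into a diagnosis, so the silent failures described in the two replies become visible. The function names and the HEC_URL and HEC_TOKEN environment variables are hypothetical; treating an empty reply as "HEC not listening" is an assumption about how a globally disabled collector appears from the Docker host.

```shell
#!/bin/sh
# Added example: probe a Splunk HTTP Event Collector (HEC) endpoint and explain
# the reply. HEC_URL and HEC_TOKEN are assumed environment variables.

# Map an HEC JSON reply body to a diagnosis. The numeric codes are Splunk's
# HEC status codes; the wording of each diagnosis is this example's own.
classify_hec_response() {
    body=$1
    # Pull the numeric "code" field out of the JSON without needing jq.
    code=$(printf '%s' "$body" |
        sed -n 's/.*"code"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    case "$code" in
        0)  echo "ok: event accepted" ;;
        1)  echo "token disabled: enable this token in the HEC input settings" ;;
        2|3|4) echo "token rejected: check the splunk-token value" ;;
        7)  echo "incorrect index: token is not allowed to write to that index" ;;
        10|11) echo "data channel required: indexer acknowledgement is enabled on this token" ;;
        "") echo "no HEC reply: is HEC enabled globally and listening on this port?" ;;
        *)  echo "HEC error code $code: $body" ;;
    esac
}

# Send one test event with no X-Splunk-Request-Channel header, so a token with
# indexer acknowledgement enabled rejects it instead of accepting it.
probe_hec() {
    url=${HEC_URL:?set HEC_URL, e.g. https://splunk.example.internal:8088}
    token=${HEC_TOKEN:?set HEC_TOKEN}
    # A connection failure leaves the body empty, which classifies as "no HEC reply".
    body=$(curl -sS --max-time 5 \
        -H "Authorization: Splunk $token" \
        -d '{"event": "hec probe from docker host"}' \
        "$url/services/collector/event" 2>/dev/null) || body=""
    classify_hec_response "$body"
}

# Run the probe only when invoked as: sh hec_probe.sh probe
if [ "${1:-}" = "probe" ]; then
    probe_hec
fi
```

Run it from the Docker host with the same URL and token passed to the logging driver; if the collector uses a private CA, add curl's `--cacert` option to the call.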