Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Cloud & HTTP Event Collector: Docker log-driver error "Failed to initialize logging driver: remote error: handshake failure."

particlebrandon
Explorer
‎08-29-2016 04:14 PM

I am using Splunk Cloud with the free trial period right now. I need to verify that we are able to use Splunk Cloud with Docker log-driver before we actually move forward with Splunk long-term. I turned on the HTTP Event Collector in Splunk, but I am not able to pass logs via the Docker log-driver options even with splunk-insecureskipverify set to true. See below.

docker run --log-driver=splunk --log-opt splunk-token=C041DEEB-XXXX-XXX-9F5F-3XXXXXXXXXD1C --log-opt splunk-url=https://input-prd-p-5XXXXXXXXX.cloud.splunk.com:8088 --log-opt splunk-insecureskipverify=true hello-world
docker: Error response from daemon: Failed to initialize logging driver: remote error: handshake failure.

Although I did verify the the HTTP event collector is working with the curl command provided. Although that includes /services/collector in the URL, when that is passed to docker run command, it errors out not expecting it to include the full URI.

Reply

barona
Explorer
‎09-08-2016 06:41 AM

Did you manage to get docker splunk logging driver work? I'm having exactly the same problem.

0 Karma
Reply

micahhausler
Engager
‎09-08-2016 06:43 AM

I gave up and went with Fluentd + AWS Cloudwatch Logs + AWS Elasticsearch. Its a breeze to set up

0 Karma
Reply

particlebrandon
Explorer
‎09-08-2016 09:18 AM

I am ready to give up also, debating on moving back to ELK personally. There was an posting which 1 someone from Splunk mentioned that self-service certs are not supported in golang. I was confused on if that was in Splunk Light or Splunk Cloud or if there was any difference.

At this point I assume there is not any difference and currently Splunk Light/Cloud does not support the docker log-driver.

Sucks because Splunk would have been an perfect fit for me with our logging needs.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...