Getting Data In

What is the best practice for getting logs from a Docker container into Splunk?

jtiner
New Member

So, I have about a thousand ways to index logs from a Docker container, but what I'm looking for is some kind of best practice for getting logs from a Docker container into Splunk.

None of the solutions I've come up with are elegant and I don't really like them. Anyone out there using Docker and Splunk? If so, how are you accomplishing it? Mounting a volume for the container to write logs and then using Splunk on the Docker host? Writing all logs to stdout and forwarding that to Wyslog server that's running a Splunk Forwarder? Running Splunk forwarder inside the container? Something else?

Help me find a best practice way to do this!

0 Karma

dart
Splunk Employee

This pull request was merged into Docker (https://github.com/docker/docker/pull/16488) to add a log driver based on the HTTP Event Collector.

I'd use either this method or set up logging to the HTTP Event Collector directly from your application. We have integrated this with Java and .NET, and it is in beta for JavaScript.

0 Karma
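The second option in the answer above, logging to the HTTP Event Collector directly from the application, sketched as an added example (not code from the original post, from Splunk, or from Docker). The host name, the `SPLUNK_HEC_TOKEN` variable, the source and sourcetype labels, and the function names are assumptions; the token is read from the environment and sent only over certificate-verified HTTPS.

```python
import json
import os
import ssl
import time
import urllib.request

# Placeholder host (assumption); /services/collector/event is HEC's JSON endpoint.
HEC_URL = "https://splunk.example.com:8088/services/collector/event"


def build_hec_request(lines, token, container, url=HEC_URL, now=None):
    """Batch container log lines into one HEC request; nothing is sent here."""
    if not url.lower().startswith("https://"):
        # The token travels in a header, so refuse cleartext transport.
        raise ValueError("HEC URL must use https")
    if not token:
        raise ValueError("missing HEC token")
    now = time.time() if now is None else now
    events = [
        {
            "time": now,
            "host": container,
            "source": "docker:stdout",   # constructed label
            "sourcetype": "app:stdout",  # constructed label
            "event": line.rstrip("\n"),
        }
        for line in lines
        if line.strip()  # skip blank lines
    ]
    # HEC accepts several event objects concatenated in one request body.
    body = "\n".join(json.dumps(e) for e in events).encode("utf-8")
    headers = {"Authorization": "Splunk " + token,
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, method="POST", headers=headers)


def send(request, timeout=5):
    """POST the batch; the default context verifies certificate and hostname."""
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(request, timeout=timeout, context=ctx) as resp:
        return resp.status


if __name__ == "__main__":
    sample = ["GET /health 200\n", "\n", "login failed user=alice\n"]  # constructed
    # Placeholder token used only when the environment variable is unset.
    token = os.environ.get("SPLUNK_HEC_TOKEN", "00000000-0000-0000-0000-000000000000")
    print(build_hec_request(sample, token, "web-1").data.decode())
```
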