Getting Data In

What is the best practice for getting logs from a Docker container into Splunk?

New Member

So, I have about a thousand ways to index logs from a Docker container, but what I'm looking for is some kind of best practice for getting logs from a docker container into splunk.

None of the solutions I've come up with are elegant and I don't really like them. Anyone out there using Docker and Splunk? If so, how are you accomplishing it? mounting a volume for the container to write logs and then using Splunk on the Docker host? Writing all logs to stdout and forwarding that to Wyslog server that's running a Splunk Forwarder? Running Splunk forwarder inside the container? Something else?

Help me find a best practice way to do this!

0 Karma

Splunk Employee
Splunk Employee

This pull request was merged into Docker ( to add a log driver based on the HTTP Event Collector.

I'd use either this method or set up logging to the HTTP Event collector direct from your application - we have integrated this with Java and .NET and in beta for Javascript

0 Karma
Get Updates on the Splunk Community!

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...

Announcing Our Splunk MVPs

We are excited to announce the first cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...