Getting Data In
Highlighted

What is the best practice for getting logs from a Docker container into Splunk?

New Member

So, I have about a thousand ways to index logs from a Docker container, but what I'm looking for is some kind of best practice for getting logs from a docker container into splunk.

None of the solutions I've come up with are elegant and I don't really like them. Anyone out there using Docker and Splunk? If so, how are you accomplishing it? mounting a volume for the container to write logs and then using Splunk on the Docker host? Writing all logs to stdout and forwarding that to Wyslog server that's running a Splunk Forwarder? Running Splunk forwarder inside the container? Something else?

Help me find a best practice way to do this!

0 Karma
Highlighted

Re: What is the best practice for getting logs from a Docker container into Splunk?

Splunk Employee
Splunk Employee

This pull request was merged into Docker (https://github.com/docker/docker/pull/16488) to add a log driver based on the HTTP Event Collector.

I'd use either this method or set up logging to the HTTP Event collector direct from your application - we have integrated this with Java and .NET and in beta for Javascript

0 Karma