Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the best way to get DCOS Mesos/Marathon to forward their containers logging into Splunk?

splunk_zen
Builder
‎12-12-2016 07:04 AM

What would be the best way to get DCOS Mesos/Marathon to forward their containers logging to Splunk?

As our Devs told me,
"Docker’s runtime (excluding Docker Images) is already deprecated and we are going to get rid of the Docker daemon with time. Therefore when working with logging we should focus only on what DCOS & Mesos provide"

Being Mesos just a way to orchestrate Docker clusters
I'm looking for a way to achieve the same as Docker's logging driver into Splunk's HTTP event Collector

0 Karma
Reply

mmcginnis2
Explorer
‎10-04-2017 11:31 AM

DC/OS has a really good write up on how to configure logging from their platform into Splunk. The write up includes all of the services that can be pulled out of journald and brought into splunk. It also includes commands to create the input stanza.

Link: https://dcos.io/docs/1.10/monitoring/logging/aggregating/splunk/

0 Karma
Reply

splunk_zen
Builder
‎06-14-2018 04:03 AM

The ingestion part was never an issue but rather the parsing one, which wasn't particularly well documented in 2016
https://docs.mesosphere.com/1.10/monitoring/logging/aggregating/filter-splunk/

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...