Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the best way to get DCOS Mesos/Marathon to forward their containers logging into Splunk?

splunk_zen
Builder
‎12-12-2016 07:04 AM

What would be the best way to get DCOS Mesos/Marathon to forward their containers logging to Splunk?

As our Devs told me,
"Docker’s runtime (excluding Docker Images) is already deprecated and we are going to get rid of the Docker daemon with time. Therefore when working with logging we should focus only on what DCOS & Mesos provide"

Being Mesos just a way to orchestrate Docker clusters
I'm looking for a way to achieve the same as Docker's logging driver into Splunk's HTTP event Collector

0 Karma
Reply

mmcginnis2
Explorer
‎10-04-2017 11:31 AM

DC/OS has a really good write up on how to configure logging from their platform into Splunk. The write up includes all of the services that can be pulled out of journald and brought into splunk. It also includes commands to create the input stanza.

Link: https://dcos.io/docs/1.10/monitoring/logging/aggregating/splunk/

0 Karma
Reply

splunk_zen
Builder
‎06-14-2018 04:03 AM

The ingestion part was never an issue but rather the parsing one, which wasn't particularly well documented in 2016
https://docs.mesosphere.com/1.10/monitoring/logging/aggregating/filter-splunk/

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...