AWS ECS Logs in Splunk

buildandconfign

Hello Folks,

I am trying to send logs from ECS to Splunk and I have followed everything in this blog https://www.splunk.com/blog/2016/07/13/docker-amazon-ecs-splunk-how-they-now-all-seamlessly-work-tog...

I have added Splunk as the log driver in the ECS task definition as follows:

"logConfiguration": {
    "logDriver": "splunk",
    "options": {
        "splunk-token": "xxx",
        "splunk-url": "https://input-xxxx.cloud.splunk.com:8088",
        "splunk-insecureskipverify": "true",
        "splunk-format": "json"
    }
}

I have also added the below into the userdata script:

echo ECS_AVAILABLE_LOGGING_DRIVERS='["splunk"]' >> /etc/ecs/ecs.config

In Splunk Cloud I am able to find events related to my application like this:

Audit:[timestamp=08-02-2018 14:17:40.427, user=xxxx, action=search, info=granted , search_id='ta_1533219460.2547', search='typeahead prefix="*APPLICATION*" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', savedsearch_name=""][n/a]

But I am not able to find the application logs at all. Could you please help me figure out what I am missing here? The application is Node.js and I just want to see all Docker logs of the container.

Thanks,
Ivan

0 Karma
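
An added example, not part of the original post or of Splunk's or AWS's own tooling: a small Python check for the `logConfiguration` fragment shown in the post, which validates the Docker `splunk` log driver options and flags `splunk-insecureskipverify`, since that setting sends the HEC token over a TLS connection whose certificate is never verified. The function name and the sample values are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Option names documented for Docker's splunk logging driver.
KNOWN_OPTIONS = {
    "splunk-token", "splunk-url", "splunk-source", "splunk-sourcetype",
    "splunk-index", "splunk-capath", "splunk-caname",
    "splunk-insecureskipverify", "splunk-format", "splunk-verify-connection",
    "splunk-gzip", "splunk-gzip-level", "tag", "labels", "labels-regex",
    "env", "env-regex",
}

def lint_log_configuration(log_config):
    """Return a list of (severity, message) findings for one logConfiguration."""
    if log_config.get("logDriver") != "splunk":
        return [("error", "logDriver is not 'splunk'")]
    findings = []
    opts = log_config.get("options", {})
    for key, value in opts.items():
        if key not in KNOWN_OPTIONS:
            findings.append(("error", f"unknown option {key!r}"))
        if not isinstance(value, str):
            # ECS defines options as a string-to-string map.
            findings.append(("error", f"{key} must be a JSON string"))
    for required in ("splunk-token", "splunk-url"):
        if not opts.get(required):
            findings.append(("error", f"missing required option {required}"))
    url = str(opts.get("splunk-url", ""))
    if url and urlsplit(url).scheme != "https":
        findings.append(("high", "splunk-url is not https: token and logs travel in clear text"))
    if str(opts.get("splunk-insecureskipverify", "false")).lower() in ("true", "t", "1"):
        findings.append(("high", "splunk-insecureskipverify disables TLS certificate "
                         "verification; trust the HEC certificate via splunk-capath instead"))
    if opts.get("splunk-format", "inline") not in ("inline", "json", "raw"):
        findings.append(("error", "splunk-format must be inline, json or raw"))
    return findings

# Constructed sample mirroring the post's fragment (token and host are placeholders).
SAMPLE = json.loads("""
{"logDriver": "splunk",
 "options": {"splunk-token": "xxx",
             "splunk-url": "https://input-xxxx.cloud.splunk.com:8088",
             "splunk-insecureskipverify": "true",
             "splunk-format": "json"}}
""")

if __name__ == "__main__":
    for severity, message in lint_log_configuration(SAMPLE):
        print(f"[{severity}] {message}")
```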