Monitoring Splunk

AWS ECS Logs in Splunk

New Member

Hello Folks,

I am trying to send logs from ECS to Splunk and I have followed everything in this blog

I have added splunk as logdriver into the ecs task definition as follows:

"logConfiguration": {
           "logDriver": "splunk",
           "options": {
             "splunk-token": "xxx",
             "splunk-url": "",


I have also added the below into the userdata script:

echo ECS_AVAILABLE_LOGGING_DRIVERS='["splunk"]' >> /etc/ecs/ecs.config

In Splunk Cloud I am able to find events related to my application like this:

Audit:[timestamp=08-02-2018 14:17:40.427, user=xxxx, action=search, info=granted , search_id='ta_1533219460.2547', search='typeahead prefix="*APPLICATION*" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', savedsearch_name=""][n/a]

But I am not able to find the application logs at all. Could you please help me what am I missing here? The application is nodejs and I just want to see all docker logs of the container.


0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!