- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AWS ECS Logs in Splunk
buildandconfign
New Member
08-02-2018
08:32 AM
Hello Folks,
I am trying to send logs from ECS to Splunk and I have followed everything in this blog https://www.splunk.com/blog/2016/07/13/docker-amazon-ecs-splunk-how-they-now-all-seamlessly-work-tog...
I have added splunk as logdriver into the ecs task definition as follows:
"logConfiguration": {
"logDriver": "splunk",
"options": {
"splunk-token": "xxx",
"splunk-url": "https://input-xxxx.cloud.splunk.com:8088",
"splunk-insecureskipverify":"true",
"splunk-format":"json"
}
}
I have also added the below into the userdata script:
echo ECS_AVAILABLE_LOGGING_DRIVERS='["splunk"]' >> /etc/ecs/ecs.config
In Splunk Cloud I am able to find events related to my application like this:
Audit:[timestamp=08-02-2018 14:17:40.427, user=xxxx, action=search, info=granted , search_id='ta_1533219460.2547', search='typeahead prefix="*APPLICATION*" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', savedsearch_name=""][n/a]
But I am not able to find the application logs at all. Could you please help me what am I missing here? The application is nodejs and I just want to see all docker logs of the container.
Thanks,
Ivan
