
AWS ECS Logs in Splunk

buildandconfign
New Member

Hello Folks,

I am trying to send logs from ECS to Splunk and I have followed everything in this blog https://www.splunk.com/blog/2016/07/13/docker-amazon-ecs-splunk-how-they-now-all-seamlessly-work-tog...

I have added splunk as the log driver in the ECS task definition as follows:

"logConfiguration": {
    "logDriver": "splunk",
    "options": {
        "splunk-token": "xxx",
        "splunk-url": "https://input-xxxx.cloud.splunk.com:8088",
        "splunk-insecureskipverify": "true",
        "splunk-format": "json"
    }
}

I have also added the below into the userdata script:

echo ECS_AVAILABLE_LOGGING_DRIVERS='["splunk"]' >> /etc/ecs/ecs.config

In Splunk Cloud I am able to find events related to my application like this:

Audit:[timestamp=08-02-2018 14:17:40.427, user=xxxx, action=search, info=granted , search_id='ta_1533219460.2547', search='typeahead prefix="*APPLICATION*" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', savedsearch_name=""][n/a]

But I am not able to find the application logs at all. Could you please help me see what I am missing here? The application is Node.js and I just want to see all Docker logs of the container.

Thanks,
Ivan

0 Karma
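
An added example, not part of the original post: a small lint for the `splunk` log driver settings in an ECS task definition, run over the posted `logConfiguration` and over a tightened variant that drops `splunk-insecureskipverify` and supplies the HEC token through ECS `secretOptions`. The container name `app`, the placeholder secret ARN and the finding codes are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

TRUTHY = {"1", "t", "true"}  # spellings treated as "true", compared lower-cased

def audit_splunk_logging(task_def):
    """Return (container, code, detail) findings for containers using the splunk driver."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        cfg = c.get("logConfiguration") or {}
        if cfg.get("logDriver") != "splunk":
            continue
        name = c.get("name", "<unnamed>")
        opts = cfg.get("options") or {}
        secrets = {s.get("name") for s in cfg.get("secretOptions") or []}
        if str(opts.get("splunk-insecureskipverify", "")).lower() in TRUTHY:
            findings.append((name, "TLS_VERIFY_OFF", "HEC server certificate is not validated"))
        if "splunk-token" in opts:
            findings.append((name, "TOKEN_INLINE", "HEC token in plain text; move it to secretOptions"))
        elif "splunk-token" not in secrets:
            findings.append((name, "TOKEN_MISSING", "no splunk-token supplied"))
        if urlparse(opts.get("splunk-url", "")).scheme != "https":
            findings.append((name, "URL_NOT_HTTPS", "splunk-url is not an https:// endpoint"))
    return findings

# Constructed sample: the posted logConfiguration wrapped in a minimal container definition.
POSTED = json.loads("""
{"containerDefinitions": [{"name": "app", "logConfiguration": {
  "logDriver": "splunk",
  "options": {
    "splunk-token": "xxx",
    "splunk-url": "https://input-xxxx.cloud.splunk.com:8088",
    "splunk-insecureskipverify": "true",
    "splunk-format": "json"}}}]}
""")

# Constructed sample: same endpoint, certificate checking left on, token read from a secret.
HARDENED = json.loads("""
{"containerDefinitions": [{"name": "app", "logConfiguration": {
  "logDriver": "splunk",
  "options": {
    "splunk-url": "https://input-xxxx.cloud.splunk.com:8088",
    "splunk-format": "json"},
  "secretOptions": [{"name": "splunk-token",
    "valueFrom": "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:PLACEHOLDER"}]}}]}
""")

if __name__ == "__main__":
    for finding in audit_splunk_logging(POSTED):
        print(*finding, sep=" | ")
```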