Splunk Driver for docker only logs as source stdou...

Splunk Search

I have a problem using the Splunk Logging Driver for Docker.

The Java Application within the container produces messages to stdout and stderr with a different level of detail for different audiences. In Splunk however all recieved messages are labled with source=stdout.

Idealy I would like to get the source tag correct as used by the java App and then use it to diferentiate between both types of logs in Splunk queries. Is there something I can do to get the correct source?

Splunk log driver configuration in docker-compose:

logging:
    driver: splunk
    options:
        splunk-url: https://splunkhf:8088
        splunk-token: [TOKEN]
        splunk-index: splunk_index
        splunk-insecureskipverify: "true"
        splunk-sourcetype: log4j
        splunk-format: "json"
        tag: "{{.Name}}/{{.ID}}"

Example log message sent to splunk:

{
   line: 2021-01-12 11:37:49,191;10718;INFO ;[Thread-1];Logger; ;Executed all shutdown events. 
   source: stdout 
   tag: service_95f2bac29286/582385192fde 
}

Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here! The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...