Splunk Driver for docker only logs as source stdou...

Splunk Search

I have a problem using the Splunk Logging Driver for Docker.

The Java Application within the container produces messages to stdout and stderr with a different level of detail for different audiences. In Splunk however all recieved messages are labled with source=stdout.

Idealy I would like to get the source tag correct as used by the java App and then use it to diferentiate between both types of logs in Splunk queries. Is there something I can do to get the correct source?

Splunk log driver configuration in docker-compose:

logging:
    driver: splunk
    options:
        splunk-url: https://splunkhf:8088
        splunk-token: [TOKEN]
        splunk-index: splunk_index
        splunk-insecureskipverify: "true"
        splunk-sourcetype: log4j
        splunk-format: "json"
        tag: "{{.Name}}/{{.ID}}"

Example log message sent to splunk:

{
   line: 2021-01-12 11:37:49,191;10718;INFO ;[Thread-1];Logger; ;Executed all shutdown events. 
   source: stdout 
   tag: service_95f2bac29286/582385192fde 
}

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Thursday, July 9, 2026 | 11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...