Select Page

Add Docker container logs in Splunk

Add Docker container logs in Splunk

With Splunk You will be able to

optimize container usage by monitoring CPU, memory, disk and network performance metrics from your containers. Pay only for what you need by managing resources and measuring the impact on service reliability and container resource requirements.

Get a complete overview of Kubernetes and OpenShift Environments Correlate performance metrics, container logs and OpenShift/Kubernetes configuration and metadata for a better understanding of how your infrastructure is performing and how hosted applications are behaving.


Add a new HTTP Event Collector

you need to enable the Splunk HTTP Event Collector. In the Splunk UI, go to Settings -> Data Inputs -> HTTP Event Collector -> Global Settings.

Click Enabled alongside ‘All Tokens’, and enable SSL. This will enable the HTTP Event Collector on port 8088 (the default), using the Splunk default certificate.

Note down the token, e.g. f7a00add-34cd-5c00-bb16-e4f813805d81

You can do a quick test by running

 curl -k \     -H 'Authorization: Splunk f6a00add-63cd-4c00-bb16-e2f815805d81' -d '{"sourcetype": "mysourcetype", "event":"Hello, World!"}' 


Add docker app

Navigate to  yourSplunkHost/en-US/manager/launcher/appsremote?offset=0&count=20&order=relevance&query=docker

Click Install and log using your credentials (register now if needed)

Configure Docker to log to Splunk

You can configure Docker logging to use the Splunk driver by default or on a per-container basis.

To use the Splunk driver as the default logging driver, set the keys log-driver and log-opts to appropriate values in the daemon.json configuration file and restart Docker. For example:

{   "log-driver": "splunk",   "log-opts": {     "splunk-token": "f6a00add-63cd-4c00-bb16-e2f815805d81",     "splunk-url": ""   } } 

The daemon.json file is located in /etc/docker/daemon.json

Restart the docker daemon and you’re done. 


About The Author

Cédric Walter

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.