
There is a “LOG”! Introducing Splunk Logging Driver in Docker 1.10.0

Splunk is very excited to announce that the latest release of Docker now includes the Splunk logging driver for Docker. The driver lets you easily capture and unify all stdout from Docker containers to further diagnose, monitor and alert when problems are reported (e.g., HTTP 40x/50x errors, NullPointerException, OOM, etc.).
Built on the HTTP Event Collector (HEC) available in Splunk 6.3, the driver sends log events securely and efficiently. Minimal configuration is required:

  1. Enable HEC under Settings->Data Inputs->HTTP Event Collector->Global Settings
  2. Create a New HEC Token
  3. Configure the Splunk logging driver parameters

RESULT: Logs are collected and can be analyzed in real time in Splunk by your DevOps teams!

Splunk’s logging driver also supports Docker labels in the collected log events. Using Docker labels when running containers (--label sdlc=dev --log-opt labels=sdlc) can simplify the classification and analysis of logs exported to Splunk, because the labels are automatically injected into each event and are searchable in Splunk.
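Step 3 and the label option above, shown as an added example (not code from the original post or from Splunk): a small shell helper that assembles the driver's `--log-opt` flags and rejects a cleartext HEC URL or a malformed token before any container starts. The function name, HEC host, token and CA path are constructed placeholders.

```shell
#!/bin/sh
# Added example: build the `docker run` logging flags for the Splunk driver.
# Hypothetical: the function name and every value passed to it below
# (HEC host, token, CA path) are constructed placeholders.

splunk_log_flags() {
  url="$1"; token="$2"; capath="$3"; labels="$4"

  # The HEC token is sent with every request, so refuse cleartext http://.
  case "$url" in
    https://*) ;;
    *) echo "splunk-url must use https://" >&2; return 1 ;;
  esac

  # HEC tokens are GUIDs; catch a truncated or mis-pasted value early.
  if ! printf '%s' "$token" |
      grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'; then
    echo "splunk-token is not a GUID" >&2; return 1
  fi

  flags="--log-driver=splunk --log-opt splunk-url=$url"
  flags="$flags --log-opt splunk-token=$token"
  # Pin the CA that signed the HEC certificate rather than turning
  # verification off with splunk-insecureskipverify.
  if [ -n "$capath" ]; then
    flags="$flags --log-opt splunk-capath=$capath"
  fi
  # Label keys listed here are copied into every event sent to Splunk.
  if [ -n "$labels" ]; then
    flags="$flags --log-opt labels=$labels"
  fi
  printf '%s\n' "$flags"
}

# Constructed sample values; the command is printed, not executed.
sample=$(splunk_log_flags "https://splunk.example.com:8088" \
  "00000000-0000-0000-0000-000000000000" "/etc/ssl/splunk-ca.pem" "sdlc") &&
  echo "docker run $sample --label sdlc=dev <image>"
```

The log options, token included, are stored in the container's configuration and appear in `docker inspect` output, so limit who can reach the Docker API and restrict the token to the indexes it needs.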

For more technical information, read the following blog post: http://blogs.splunk.com/2015/12/16/splunk-logging-driver-for-docker/.

This is just the beginning of our plans for Docker. Tell us about how you are using Docker in your organization and other Docker monitoring capabilities you’d like to see in Splunk!

Docker is here to stay… don’t be left behind… go get the latest release of Docker and MONITOR your Docker ecosystem the SPLUNK WAY!

----------------------------------------------------
Thanks!
Marc Chéné

Posted by Splunk