I followed steps in "Heroku App for Splunk"...
The question that I have is that I am using the IP address of the docker container (from "docker inspect").
Do I need to open port 514 on the Docker container?
Any help or insight is appreciated!
-David
You'll also need to ensure that IP Forwarding is enabled on the OS in order to allow Docker to do what you are attempting.
I don't know macOS, but the Linux equivalent is set via sysctl:
net.ipv4.conf.all.forwarding = 1
and/or
net.ipv6.conf.all.forwarding = 1
Without those, Docker will never be able to communicate with the outside world.
Hi dkillian!
Where are you running Docker? Also, what version/flavor?
You will need to expose the port to the host, so that the host machine running docker can bridge or route the external traffic to the container.
Start here:
https://docs.docker.com/v17.09/engine/userguide/networking/default_network/binding/
Hi mmodestino!
First, thanks for your response! I realized I was a bit too hasty and didn't really provide a lot of info.
Docker
- Version: 18.03.1
- System: MacBook Pro / macOS 10.13.4
- Image: splunk/splunk
- Run command: docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" -p "514:514" splunk/splunk
I am attempting to receive a log stream from Heroku (via a log drain, with a target IP and port, for which I am using my Mac's current IP address). Splunk listens on port 514. I know I've set up the drain correctly on the Heroku side. I've got nettop running on my Mac and I see data coming in.
It seems like I need to bridge into the container. So I must have set up the run command incorrectly. Not sure what to do... should I just open all of the ports to the container? Can I do that on a running container?
I appreciate your help!!
-dkillian
When you run sudo lsof -i -n -P | grep UDP
do you see 514 being served by your Mac?
I will try this setup as soon as I can and try to provide the docker config.
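
An added example, not part of any post in the thread: it parses the `-p` values from the run command posted above and reports which host interface, port and protocol each one publishes, so the result can be compared with the `lsof` check. The helper names (`parse_publish`, `published_ports`, `reachable`) and the `VARIANT` command are assumptions made for this illustration; only single ports are handled, not port ranges.

```python
import shlex
from typing import NamedTuple, Optional

class Publish(NamedTuple):
    host_ip: str               # "0.0.0.0" (Docker's default) = every host interface
    host_port: Optional[int]   # None = Docker picks an ephemeral host port
    container_port: int
    proto: str                 # "tcp" unless the spec ends in /udp or /sctp

def parse_publish(spec: str) -> Publish:
    """Parse one -p value: [ip:][hostPort:]containerPort[/proto]."""
    body, _, proto = spec.partition("/")
    parts = body.rsplit(":", 2)   # rsplit keeps a bracketed IPv6 host IP intact
    container_port = int(parts[-1])
    host_port = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    host_ip = parts[0].strip("[]") if len(parts) == 3 else "0.0.0.0"
    return Publish(host_ip, host_port, container_port, (proto or "tcp").lower())

def published_ports(run_command: str) -> list:
    """Collect every -p/--publish value from a `docker run` command line."""
    args = shlex.split(run_command)
    found = []
    for i, arg in enumerate(args):
        if arg in ("-p", "--publish") and i + 1 < len(args):
            found.append(parse_publish(args[i + 1]))
        elif arg.startswith("--publish="):
            found.append(parse_publish(arg.split("=", 1)[1]))
    return found

def reachable(pubs, host_port: int, proto: str) -> bool:
    """True if some mapping publishes host_port for the given protocol."""
    return any(p.host_port == host_port and p.proto == proto for p in pubs)

# Run command exactly as posted in the thread.
POSTED = ('docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" '
          '-p "8000:8000" -p "514:514" splunk/splunk')
# Constructed variant: web UI bound to loopback only, 514 published on TCP and UDP.
VARIANT = ('docker run -d -p 127.0.0.1:8000:8000 -p 514:514/tcp -p 514:514/udp '
           'splunk/splunk')

if __name__ == "__main__":
    for name, cmd in (("posted", POSTED), ("variant", VARIANT)):
        pubs = published_ports(cmd)
        for p in pubs:
            print(name, p)
        print(name, "514/udp published:", reachable(pubs, 514, "udp"))
```

With the posted command, both mappings come out as TCP on all host interfaces, so a UDP-only `lsof` filter would not list port 514 for that container. Publishing only the ports the drain and the web UI need, and binding the UI to a specific address, keeps the exposure narrower than opening every port.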