We have already enabled the Splunk logging driver, but this forwards logs from inside the containers. I want to capture the Docker system-level events, as you would see from this command:
docker events --filter event=stop --since '60m'
https://docs.docker.com/engine/reference/commandline/system_events/
I see this app (not approved for cloud). Are there any other options?
https://splunkbase.splunk.com/app/6113
https://github.com/quzen/docker_analyzer/blob/main/bin/docker_events.py