splunk-docker-logging-plugin sending logs to Splunk Enterprise but not storing the logs in Docker host machine

charanbr

Hi Team,

In general, when we create a Docker container, the logs of that container will be stored on the host machine at the path /DOCKER_PATH/docker-data/container/CONTAINER_ID/CONTAINER_ID.json. Now we are using splunk-docker-logging-plugin. After implementing splunk-docker-logging-plugin, the log file /DOCKER_PATH/docker-data/container/CONTAINER_ID/CONTAINER_ID.json itself is not getting created. The logs are pushed directly to the Splunk server, but they are not getting stored in the container log file (/DOCKER_PATH/docker-data/container/CONTAINER_ID/CONTAINER_ID.json) on the Docker host machine. So can you please confirm whether we can store logs in both places: 1) forwarding to the Splunk server and 2) storing the logs in /DOCKER_PATH/docker-data/container/CONTAINER_ID/CONTAINER_ID.json while the container is alive?
