When using the Docker Splunk logging driver to send events into the http collector splunk logs individual logs like this:
{"line":"the message","source":"stdout","tag":"container tag"}
Unfortunately, for stacktraces from tomcat/log4j, it will separate them into multiple log events per line for the stacktrace, bottom line first, like this:
{"line":"\tat java.lang.Thread.run(Thread.java:745)\r","source":"stdout","tag":"33f25cc98f0c"}
{"line":"\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)\r","source":"stdout","tag":"33f25cc98f0c"}
{"line":"\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)\r","source":"stdout","tag":"33f25cc98f0c"}
This makes is it nearly impossible to use. Does anybody know a way to either combine them in Splunk or get tomcat to spit them out in a single line?
Hope someone out there are able to help.
... View more