This OSS contribution includes the following:
- Technical Add-On to collect logs - ta-dockerlogs_fileinput
- Technical Add-On to collect perf stats and meta data - ta-dockerstats
- Splunk Enterprise with a docker app displaying logs and metrics collected from docker data center.
- Technical Add-On to format Universal Control Plane (UCP) syslog - ta-ucplogs-sysloginput
Minimum Requirements:
- Docker Runtime Engine v17.06.2
Want to get going and see the value of this image? Use the following getting started guide: https://github.com/splunk/docker-gettingstarted-conf2016.
- ta-dockerlogs_fileinput: Uses Splunk's Files & Directories monitoring to monitor all files generated by the docker json-file driver. To learn more about the logging options in docker, read the docker logging drivers documentation: https://docs.docker.com/engine/admin/logging/overview/.
- ta-dockerstats: Uses the Docker Remote API to collect Inspect, Top, and Events in Splunk. This TA is also used to correlate container ids collected by the ta-dockerlogs_fileinput.
- ta-ucplogs-sysloginput: Transforms the UCP syslog (TCP/UDP) data into a ucp source that can be analyzed more efficiently in Splunk.
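
The correlation described for ta-dockerlogs_fileinput and ta-dockerstats, as an added Python example that is not code from these add-ons: it parses json-file driver records, takes the container id from the log file path, and joins it to inspect metadata. The path layout assumes Docker's default data root, and the sample id, log lines and inspect record are constructed.

```python
import json
import re

# Default json-file layout: /var/lib/docker/containers/<id>/<id>-json.log[.N]
LOG_PATH_RE = re.compile(r"/containers/(?P<cid>[0-9a-f]{64})/(?P=cid)-json\.log(?:\.\d+)?$")

def container_id_from_path(path):
    """Return the 64-hex container id embedded in a json-file log path, or None."""
    m = LOG_PATH_RE.search(path)
    return m.group("cid") if m else None

def parse_json_file_line(line):
    """Parse one json-file driver record; return None for malformed or truncated lines."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(rec, dict) or not {"log", "stream", "time"} <= rec.keys():
        return None
    return {"message": rec["log"].rstrip("\n"), "stream": rec["stream"], "time": rec["time"]}

def correlate(path, lines, inspect_by_id):
    """Attach container name and image (from inspect data) to each parsed log event."""
    cid = container_id_from_path(path)
    meta = inspect_by_id.get(cid, {})
    events = []
    for line in lines:
        ev = parse_json_file_line(line)
        if ev is None:
            continue  # skip partial writes instead of indexing garbage
        ev.update(container_id=cid, name=meta.get("Name"), image=meta.get("Config", {}).get("Image"))
        events.append(ev)
    return events

# Constructed sample data (not taken from a real host)
SAMPLE_ID = "3f" * 32
SAMPLE_PATH = f"/var/lib/docker/containers/{SAMPLE_ID}/{SAMPLE_ID}-json.log"
SAMPLE_LINES = [
    '{"log":"GET /login 401\\n","stream":"stdout","time":"2017-09-01T12:00:00.000000000Z"}',
    '{"log":"trunca',  # partial write, as seen when a file is read mid-append
    '{"log":"worker failed\\n","stream":"stderr","time":"2017-09-01T12:00:01.000000000Z"}',
]
SAMPLE_INSPECT = {SAMPLE_ID: {"Name": "/web-1", "Config": {"Image": "nginx:1.13"}}}

if __name__ == "__main__":
    for ev in correlate(SAMPLE_PATH, SAMPLE_LINES, SAMPLE_INSPECT):
        print(ev)
```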