chore: tier 1 freshness: content/config/containers/logging/splunk.md

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
David Karlsson 2023-10-27 15:14:35 +02:00
parent 5c1b17beb7
commit ec07c18734
1 changed files with 77 additions and 69 deletions


@ -1,5 +1,5 @@
---
description: Describes how to use the Splunk logging driver.
description: Learn how to use the Splunk logging driver with Docker Engine
keywords: splunk, docker, logging, driver
title: Splunk logging driver
aliases:
@ -52,7 +52,7 @@ To use the `splunk` driver for a specific container, use the commandline flags
## Splunk options
The following properties let you configure the splunk logging driver.
The following properties let you configure the Splunk logging driver.
- To configure the `splunk` driver across the Docker environment, edit
`daemon.json` with the key, `"log-opts": {"NAME": "VALUE", ...}`.
@ -60,7 +60,7 @@ The following properties let you configure the splunk logging driver.
with the flag, `--log-opt NAME=VALUE ...`.
| Option | Required | Description |
|:----------------------------|:---------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| :-------------------------- | :------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `splunk-token` | required | Splunk HTTP Event Collector token. |
| `splunk-url` | required | Path to your Splunk Enterprise, self-service Splunk Cloud instance, or Splunk Cloud managed cluster (including port and scheme used by HTTP Event Collector) in one of the following formats: `https://your_splunk_instance:8088`, `https://input-prd-p-XXXXXXX.cloud.splunk.com:8088`, or `https://http-inputs-XXXXXXXX.splunkcloud.com`. |
| `splunk-source` | optional | Event source. |
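Review bot: The `splunk-token` row carried as context in this hunk describes the value only as "Splunk HTTP Event Collector token" and never says it is a credential. Since the table is being reformatted anyway, consider adding a sentence that the token authenticates the driver to the collector, so a value written with `--log-opt NAME=VALUE` or into the `log-opts` key should be handled like any other secret.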
@ -70,7 +70,7 @@ The following properties let you configure the splunk logging driver.
| `splunk-caname` | optional | Name to use for validating server certificate; by default the hostname of the `splunk-url` is used. |
| `splunk-insecureskipverify` | optional | Ignore server certificate validation. |
| `splunk-format` | optional | Message format. Can be `inline`, `json` or `raw`. Defaults to `inline`. |
| `splunk-verify-connection` | optional | Verify on start, that docker can connect to Splunk server. Defaults to true. |
| `splunk-verify-connection` | optional | Verify on start, that Docker can connect to Splunk server. Defaults to true. |
| `splunk-gzip` | optional | Enable/disable gzip compression to send events to Splunk Enterprise or Splunk Cloud instance. Defaults to false. |
| `splunk-gzip-level` | optional | Set compression level for gzip. Valid values are -1 (default), 0 (no compression), 1 (best speed) ... 9 (best compression). Defaults to [DefaultCompression](https://golang.org/pkg/compress/gzip/#DefaultCompression). |
| `tag` | optional | Specify tag for message, which interpret some markup. Default value is `{{.ID}}` (12 characters of the container ID). Refer to the [log tag option documentation](log_tags.md) for customizing the log tag format. |
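Review bot: The reworded `splunk-verify-connection` row still reads "Verify on start, that Docker can connect to Splunk server", with a stray comma and a missing article; "Verify on start that Docker can connect to the Splunk server" reads cleanly. In the same hunk, the `splunk-insecureskipverify` row says only "Ignore server certificate validation" and gives no default, unlike the `splunk-format`, `splunk-verify-connection` and `splunk-gzip` rows around it. Stating the default and noting that the option turns off the check described in the `splunk-caname` row would make the consequence of enabling it clear.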
@ -91,7 +91,6 @@ The path to the root certificate and Common Name is specified using an HTTPS
scheme. This is used for verification. The `SplunkServerDefaultCert` is
automatically generated by Splunk certificates.
```console
$ docker run \
--log-driver=splunk \
@ -107,7 +106,6 @@ $ docker run \
your/application
```
The `splunk-url` for Splunk instances hosted on Splunk Cloud is in a format
like `https://http-inputs-XXXXXXXX.splunkcloud.com` and does not include a
port specifier.
@ -117,6 +115,9 @@ port specifier.
There are three logging driver messaging formats: `inline` (default), `json`,
and `raw`.
{{< tabs >}}
{{< tab name="Inline" >}}
The default format is `inline` where each log message is embedded as a string.
For example:
@ -144,12 +145,12 @@ For example:
}
```
> **Note**: If your messages are JSON objects, you may want to embed them in the
> message we send to Splunk.
{{< /tab >}}
{{< tab name="JSON" >}}
To format messages as `json` objects, set `--log-opt splunk-format=json`. The
driver trys to parse every line as a JSON object and send it as an embedded
object. If it cannot parse the message, it is sent `inline`. For example:
driver attempts to parse every line as a JSON object and send it as an embedded
object. If it can't parse the message, it's sent `inline`. For example:
```json
{
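Review bot: The two lines beginning `> **Note**: If your messages are JSON objects` are replaced by `{{< /tab >}}` and `{{< tab name="JSON" >}}`, and the guidance they carried is not moved anywhere in this hunk. With the formats now split into tabs, a reader on the Inline tab gets no hint that JSON log lines can be embedded as objects; consider keeping one sentence to that effect as the last line of the Inline tab. The rewritten sentence "If it can't parse the message, it's sent `inline`" could also say that the fallback applies per line, since the preceding sentence says the driver parses "every line".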
@ -177,6 +178,9 @@ object. If it cannot parse the message, it is sent `inline`. For example:
}
```
{{< /tab >}}
{{< tab name="Raw" >}}
To format messages as `raw`, set `--log-opt splunk-format=raw`. Attributes
(environment variables and labels) and tags are prefixed to the message. For
example:
@ -186,13 +190,17 @@ MyImage/MyContainer env1=val1 label1=label1 my message
MyImage/MyContainer env1=val1 label1=label1 {"foo": "bar"}
```
{{< /tab >}}
{{< /tabs >}}
## Advanced options
Splunk Logging Driver allows you to configure few advanced options by specifying next environment variables for the Docker daemon.
The Splunk logging driver lets you configure a few advanced options by setting
environment variables for the Docker daemon.
| Environment variable name | Default value | Description |
|:-------------------------------------------------|:--------------|:---------------------------------------------------------------------------------------------------------------------------------------------------|
| `SPLUNK_LOGGING_DRIVER_POST_MESSAGES_FREQUENCY` | `5s` | If there is nothing to batch how often driver posts messages. You can think about this as the maximum time to wait for more messages to batch. |
| `SPLUNK_LOGGING_DRIVER_POST_MESSAGES_BATCH_SIZE` | `1000` | How many messages driver should wait before sending them in one batch. |
| `SPLUNK_LOGGING_DRIVER_BUFFER_MAX` | `10 * 1000` | If driver cannot connect to remote server, what is the maximum amount of messages it can hold in buffer for retries. |
| `SPLUNK_LOGGING_DRIVER_CHANNEL_SIZE` | `4 * 1000` | How many pending messages can be in the channel which is used to send messages to background logger worker, which batches them. |
| :----------------------------------------------- | :------------ | :--------------------------------------------------------------------------------------------------------------------------------------- |
| `SPLUNK_LOGGING_DRIVER_POST_MESSAGES_FREQUENCY` | `5s` | The time to wait for more messages to batch. |
| `SPLUNK_LOGGING_DRIVER_POST_MESSAGES_BATCH_SIZE` | `1000` | The number of messages that should accumulate before sending them in one batch. |
| `SPLUNK_LOGGING_DRIVER_BUFFER_MAX` | `10 * 1000` | The maximum number of messages held in buffer for retries. |
| `SPLUNK_LOGGING_DRIVER_CHANNEL_SIZE` | `4 * 1000` | The maximum number of pending messages that can be in the channel used to send messages to background logger worker, which batches them. |
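Review bot: The new `SPLUNK_LOGGING_DRIVER_BUFFER_MAX` description drops the condition from the old text ("If driver cannot connect to remote server"), so the row no longer says when the buffer is used. Suggest "The maximum number of messages held in the buffer for retries when the driver can't connect to the remote server." The `SPLUNK_LOGGING_DRIVER_POST_MESSAGES_FREQUENCY` row has the same loss: the old text called it "the maximum time to wait", the new one only "The time to wait". Neither the old nor the new wording says what happens to messages once the `BUFFER_MAX` or `CHANNEL_SIZE` limit is reached; that is worth documenting here because it decides whether log lines are lost while the collector is unreachable. Minor: "to background logger worker" is missing an article.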