github.com/hustcat/docker@v1.3.3-0.20160314103604-901c67a8eeab/docs/admin/logging/splunk.md (about) 1 <!--[metadata]> 2 +++ 3 aliases = ["/engine/reference/logging/splunk/"] 4 title = "Splunk logging driver" 5 description = "Describes how to use the Splunk logging driver." 6 keywords = ["splunk, docker, logging, driver"] 7 [menu.main] 8 parent = "smn_logging" 9 weight = 2 10 +++ 11 <![end-metadata]--> 12 13 # Splunk logging driver 14 15 The `splunk` logging driver sends container logs to 16 [HTTP Event Collector](http://dev.splunk.com/view/event-collector/SP-CAAAE6M) 17 in Splunk Enterprise and Splunk Cloud. 18 19 ## Usage 20 21 You can configure the default logging driver by passing the `--log-driver` 22 option to the Docker daemon: 23 24 docker daemon --log-driver=splunk 25 26 You can set the logging driver for a specific container by using the 27 `--log-driver` option to `docker run`: 28 29 docker run --log-driver=splunk ... 30 31 ## Splunk options 32 33 You can use the `--log-opt NAME=VALUE` flag to specify these additional Splunk 34 logging driver options: 35 36 | Option | Required | Description | 37 |-----------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 38 | `splunk-token` | required | Splunk HTTP Event Collector token. | 39 | `splunk-url` | required | Path to your Splunk Enterprise or Splunk Cloud instance (including port and schema used by HTTP Event Collector) `https://your_splunk_instance:8088`. | 40 | `splunk-source` | optional | Event source. | 41 | `splunk-sourcetype` | optional | Event source type. | 42 | `splunk-index` | optional | Event index. | 43 | `splunk-capath` | optional | Path to root certificate. | 44 | `splunk-caname` | optional | Name to use for validating server certificate; by default the hostname of the `splunk-url` will be used. | 45 | `splunk-insecureskipverify` | optional | Ignore server certificate validation. | 46 | `tag` | optional | Specify tag for message, which interpret some markup. Default value is `{{.ID}}` (12 characters of the container ID). Refer to the [log tag option documentation](log_tags.md) for customizing the log tag format. | 47 | `labels` | optional | Comma-separated list of keys of labels, which should be included in message, if these labels are specified for container. | 48 | `env` | optional | Comma-separated list of keys of environment variables, which should be included in message, if these variables are specified for container. | 49 50 If there is collision between `label` and `env` keys, the value of the `env` takes precedence. 51 Both options add additional fields to the attributes of a logging message. 52 53 Below is an example of the logging option specified for the Splunk Enterprise 54 instance. The instance is installed locally on the same machine on which the 55 Docker daemon is running. The path to the root certificate and Common Name is 56 specified using an HTTPS schema. This is used for verification. 57 The `SplunkServerDefaultCert` is automatically generated by Splunk certificates. 58 59 docker run --log-driver=splunk \ 60 --log-opt splunk-token=176FCEBF-4CF5-4EDF-91BC-703796522D20 \ 61 --log-opt splunk-url=https://splunkhost:8088 \ 62 --log-opt splunk-capath=/path/to/cert/cacert.pem \ 63 --log-opt splunk-caname=SplunkServerDefaultCert 64 --log-opt tag="{{.Name}}/{{.FullID}}" 65 --log-opt labels=location 66 --log-opt env=TEST 67 --env "TEST=false" 68 --label location=west 69 your/application