Closed mchene closed 7 years ago
I agree with this, it works fine when running a single Splunk instance on a single docker host, but when multiple splunk instances are multiple hosts and forwarding data to a central Splunk instance, it isnt possible to generate the lookups.
I am unable to see most of my stats... I am running the -monitor universal forwarder as a container, and Splunk head+indexer on it's on EC2 instance, where I have app-docker
and ta-dockerlogs_fileinput
installed... I few times a day I can see the container names and graphs, but it will just stop working on it's own ... I am wondering if it has anything to do with this. I am running the 4 forwarders on 4 different ECS instances.
@alvarow can you open up a new issue for this?
Creation and updates of Container ID to Container Name lookup, containername, should be running from the docker app and not the TA that would typically be deployed in a Universal Forwarder and ran as a docker image (1 per docker host) to collect required logs and container meta-data.