Container ID to Container Name lookup should be moved to Docker App

[mchene]

Creation and updates of Container ID to Container Name lookup, containername, should be running from the docker app and not the TA that would typically be deployed in a Universal Forwarder and ran as a docker image (1 per docker host) to collect required logs and container meta-data.

[livehybrid]

I agree with this, it works fine when running a single Splunk instance on a single docker host, but when multiple splunk instances are multiple hosts and forwarding data to a central Splunk instance, it isnt possible to generate the lookups.

[alvarow]

I am unable to see most of my stats... I am running the -monitor universal forwarder as a container, and Splunk head+indexer on it's on EC2 instance, where I have app-docker and ta-dockerlogs_fileinput installed... I few times a day I can see the container names and graphs, but it will just stop working on it's own ... I am wondering if it has anything to do with this. I am running the 4 forwarders on 4 different ECS instances.

[halr9000]

@alvarow can you open up a new issue for this?

[mchene]

in review, https://github.com/splunk/docker-itmonitoring/pull/6

[mchene]

Fixed in https://github.com/splunk/docker-itmonitoring/pull/6.