search

splunk / docker-logging-plugin

Splunk Connect for Docker is a Docker logging plugin that allows docker containers to send their logs directly to Splunk Enterprise or a Splunk Cloud deployment.
Apache License 2.0
65 stars 25 forks source link

Support Fields #48

Open sylvanaar opened 5 years ago

sylvanaar commented 5 years ago

HEC supports passing additional fields that are not directly part of the event data. This is useful for example to provide additional metadata about the events beyond just the sourcename.

https://docs.splunk.com/Documentation/Splunk/7.2.1/Data/IFXandHEC

dtregonning commented 5 years ago

Agreed - we'll look to add this functionality

dtregonning commented 5 years ago

Meta-Data support for Docker - assigning to self

stephenwood4-nhs commented 2 years ago

Hi @dtregonning This feature would meet our use case perfectly. We want to be able to specify the Splunk index from within the application logs, and unfortunately there is no simple way of doing this with the current version of the Splunk docker logging driver. I note this issue has been open for 3 years, I'm surprised there isn't more interest. Do you know if there is a plan to include this at all? Thanks