search

splunk / docker-logging-plugin

Splunk Connect for Docker is a Docker logging plugin that allows docker containers to send their logs directly to Splunk Enterprise or a Splunk Cloud deployment.
Apache License 2.0
65 stars 25 forks source link

Allow use of logging tags in source and sourcetype fields #52

Closed jeffywu closed 5 years ago

jeffywu commented 5 years ago

What would you like to be added: When running docker compose I would like to be able to set the source and sourcetype using the logging tags: https://docs.docker.com/v17.09/engine/admin/logging/log_tags/. This way I can set up a default logging config and have it applied to all my containers:

x-logging:
  &default-logging
  driver: "splunk"
  options:
    splunk-token: "12345678-ABCD-EFGH-IJKL-123456789012"
    splunk-url: "https://localhost:8088"
    splunk-sourcetype: "docker:{{.Name}}"
    splunk-source: "{{.Name}}-{{.ID}}"
    tag: "{{.Name}}-{{.ID}}

Why is this needed: The alternative is to manually set the source and sourcetype on each container in the compose file which is not very user friendly.

dtregonning commented 5 years ago

Thanks for reporting feature request @jeffywu @gp510 - can you look in to what it would take to incorporate this.

gp510 commented 5 years ago

@dtregonning - https://github.com/splunk/docker-logging-plugin/pull/56

gp510 commented 5 years ago

Merged to develop