Open Carles-Figuerola opened 4 years ago
Hi @Carles-Figuerola , there is a Docker environment variable called SPLUNK_LOGGING_DRIVER_JSON_LOGS that controls this logging. Set it to "false" to only send the logs to Splunk.
hey @gp510,
Many thanks for the prompt response. I changed the environment variables for docker:
# cat /proc/$(pgrep dockerd)/environ | tr '\0' '\n' | grep JSON_LOGS
SPLUNK_LOGGING_DRIVER_JSON_LOGS=false
But I still see the plugin /var/log
folder increasing in size and I can still docker logs <sha>
Is there anything else I'm supposed to do other than adding the environment variable and restarting the docker daemon?
Same issue here. I expected the JSON logs are cleaned up after a container was removed, but that doesn't seem to be the case. So the option is quite dangerous and this should be mentioned in the readme. Probably the default of the ENV var should be "false" too.
How can old logs be cleaned up? Can they simple be deleted?
We have just found that all the logs sent to splunk are also logged to disk.
The logs persist even through docker service restart or even when the containers are stopped and deleted from the server.
There isn't any indication on the readme for this plugin that the logs would be written to disk as this should be a streaming plugin to send the logs elsewhere.