Splunk Connect for Docker is a Docker logging plugin that allows docker containers to send their logs directly to Splunk Enterprise or a Splunk Cloud deployment.
What happened:
When trying to start a container, I get this error:
Error response from daemon: failed to create task for container: failed to initialize logging driver: splunk: expected format scheme://dns_name_or_ip:port for splunk-url\n
What you expected to happen:
The daemon to start and logs to be sent to Splunk. Our HEC endpoint is https://http-inputs-XXXX.splunkcloud.com/services/collector, from which I removed the /services/collector as the plugin requests. I've even tried adding in the :443 port to the name to see if that gets past the URL validation. But your own plugin instructions state that no port should be provided.
I can send logs in no problem using a curl command to https://http-inputs-XXXX.splunkcloud.com/services/collector or https://http-inputs.XXX.splunkcloud.com/services/collector.
My theory is the plugin is validating the URL provided in daemon.json incorrectly.
How to reproduce it (as minimally and precisely as possible):
/etc/docker/daemon.json as follows:
docker compose up on a valid Docker Compose file
Anything else we need to know?:
I have the exact same issue with the built-in Docker Splunk driver AND this Splunk Docker plugin.
Environment:
docker version:
Server: Docker Engine - Community
 Engine:
  Version: 26.1.3
  API version: 1.45 (minimum version 1.24)
  Go version: go1.21.10
  Git commit: 8e96db1
  Built: Thu May 16 08:33:39 2024
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.6.31
  GitCommit: e377cd56a71523140ca6ae87e30244719194a521
 runc:
  Version: 1.1.12
  GitCommit: v1.1.12-0-g51d5e94
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
NAME="Red Hat Enterprise Linux" VERSION="9.3 (Plow)"
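
An added example, not code from the reporter or from the plugin: a small Go check for trying candidate splunk-url values against the scheme://dns_name_or_ip:port shape named in the error message before they go into daemon.json. The rules in the hypothetical CheckSplunkURL are assumptions inferred from that message, not the plugin's actual validation, and the sample values are constructed from the redacted host in the report.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// CheckSplunkURL returns "" when raw looks like scheme://dns_name_or_ip[:port],
// otherwise a short reason. Assumption: rules inferred from the error text only.
func CheckSplunkURL(raw string) string {
	if raw != strings.TrimSpace(raw) {
		return "leading or trailing whitespace"
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "not parseable as a URL: " + err.Error()
	}
	switch {
	case u.Scheme != "http" && u.Scheme != "https":
		// A bare host:port parses with the host as the "scheme".
		return "scheme must be http or https"
	case u.Hostname() == "":
		return "missing host"
	case u.Path != "" && u.Path != "/":
		return "path present: " + u.Path
	case u.RawQuery != "" || u.Fragment != "":
		return "query or fragment present"
	}
	return ""
}

func main() {
	// Constructed sample values using the redacted host from the report.
	for _, v := range []string{
		"https://http-inputs-XXXX.splunkcloud.com",
		"https://http-inputs-XXXX.splunkcloud.com:443",
		"https://http-inputs-XXXX.splunkcloud.com/services/collector",
		"http-inputs-XXXX.splunkcloud.com:443",
		"https://http-inputs-XXXX.splunkcloud.com ",
	} {
		if why := CheckSplunkURL(v); why != "" {
			fmt.Printf("REJECT %q: %s\n", v, why)
		} else {
			fmt.Printf("OK     %q\n", v)
		}
	}
}
```
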