splunk / docker-logging-plugin

Splunk Connect for Docker is a Docker logging plugin that allows docker containers to send their logs directly to Splunk Enterprise or a Splunk Cloud deployment.
Apache License 2.0

splunk-url incorrect validation error #76

Closed tripptuttle closed 5 months ago

tripptuttle commented 5 months ago

What happened: When trying to start a container, I get this error:

```
Error response from daemon: failed to create task for container: failed to initialize logging driver: splunk: expected format scheme://dns_name_or_ip:port for splunk-url\n
```

What you expected to happen: The daemon to start and logs to be sent to Splunk. Our HEC endpoint is `https://http-inputs-XXXX.splunkcloud.com/services/collector`, from which I removed the `/services/collector` as the plugin requests. I've even tried adding in the `:443` port to the name to see if that gets past the URL validation. But your own plugin instructions state that no port should be provided.

I can send logs in no problem using a curl command to https://http-inputs-XXXX.splunkcloud.com/services/collector or https://http-inputs.XXX.splunkcloud.com/services/collector

My theory is the plugin is validating the URL provided in daemon.json incorrectly.

How to reproduce it (as minimally and precisely as possible):

  1. Set up /etc/docker/daemon.json as follows:

     ```
     {
       "data-root": "/opt/orbs/docker",
       "bip": "172.17.1.1/24",
       "log-driver": "splunk-logging-plugin",
       "log-opts": {
         "splunk-url": "https://http-inputs-XXXX.splunkcloud.com/",
         "splunk-token": "<TOKEN>",
         "splunk-insecureskipverify": "true"
       }
     }
     ```
  2. Restart the Docker daemon and run `docker compose up` on a valid Docker Compose file
  3. Error should happen

Anything else we need to know?:

I have the exact same issue with the built-in Docker Splunk driver AND this Splunk Docker plugin.

Environment:

```
Server: Docker Engine - Community
 Engine:
  Version:          26.1.3
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.10
  Git commit:       8e96db1
  Built:            Thu May 16 08:33:39 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.31
  GitCommit:        e377cd56a71523140ca6ae87e30244719194a521
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```

- OS (e.g: `cat /etc/os-release`):

```
NAME="Red Hat Enterprise Linux"
VERSION="9.3 (Plow)"
```

- Splunk version:

```
cloud
```

- Others:

tripptuttle commented 5 months ago

We got Splunk logging working with the built-in docker driver instead of this plugin, so closing this issue.
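
An added example, not code from this plugin or from Docker: a Go pre-flight check that reads the `log-opts` of a `daemon.json` like the one in the report and tests `splunk-url` against the `scheme://dns_name_or_ip:port` shape named in the error message. The rules in `checkSplunkURL` are this example's assumed reading of that message, and `checkSplunkURL`, `checkDaemonJSON` and `sample` are hypothetical names; the check also reports `splunk-insecureskipverify` set to `"true"`, which turns off TLS certificate verification for the HEC connection.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Constructed sample: the log-opts from the report, token left as a placeholder.
const sample = `{"log-opts": {"splunk-url": "https://http-inputs-XXXX.splunkcloud.com/",
  "splunk-token": "<TOKEN>", "splunk-insecureskipverify": "true"}}`

// checkSplunkURL applies this example's assumed reading of scheme://dns_name_or_ip:port.
func checkSplunkURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("not parseable as a URL: %w", err)
	}
	switch {
	case u.Scheme != "http" && u.Scheme != "https":
		return fmt.Errorf("scheme %q is not http or https", u.Scheme)
	case u.Hostname() == "":
		return fmt.Errorf("no host found after the scheme")
	case (u.Path != "" && u.Path != "/") || u.RawQuery != "" || u.Fragment != "":
		return fmt.Errorf("path, query or fragment present after host[:port]")
	}
	return nil
}

// checkDaemonJSON returns one finding per problem in the Splunk log-opts of a daemon.json document.
func checkDaemonJSON(doc []byte) []string {
	var cfg struct{ LogOpts map[string]string `json:"log-opts"` }
	if err := json.Unmarshal(doc, &cfg); err != nil {
		return []string{"daemon.json: " + err.Error()}
	}
	var findings []string
	if err := checkSplunkURL(cfg.LogOpts["splunk-url"]); err != nil {
		findings = append(findings, "splunk-url: "+err.Error())
	}
	if cfg.LogOpts["splunk-insecureskipverify"] == "true" {
		findings = append(findings, "splunk-insecureskipverify: TLS certificate verification is disabled")
	}
	return findings
}

func main() {
	fmt.Println(checkDaemonJSON([]byte(sample)))
}
```

Under these assumed rules the value from the report passes with or without the trailing slash or an explicit `:443`, while the full HEC endpoint ending in `/services/collector` and a value with no `https://` prefix do not.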