Outcold Solutions - Monitoring Kubernetes, OpenShift and Docker in Splunk
Monitoring Docker in Splunk Monitoring Kubernetes in Splunk Monitoring OpenShift in Splunk Monitoring Linux in Splunk Monitoring Windows Containers in Splunk Forwarding Logs to Elasticsearch and OpenSearch Forwarding Logs to QRadar
Documentation Blog Contact Us Pricing Evaluation licenses Partners License Agreement Privacy Policy FAQ
Monitoring Docker
Monitoring Docker

Forward Docker container logs, metrics, and events to Splunk.

Run a single Collectord container per host and forward logs, metrics, and Docker events from every container on the box — automatically.

Install in 5 minutes Read concepts Troubleshooting

Installation

Set up Splunk app, HEC, and run collectord container

Concepts

What Collectord does, the data model, and how configuration layers

Configuration

Config file layout and override settings

Container annotations

Use container labels to control log forwarding behavior

Container labels reference

Full list of every container label grouped by datatype

Splunk indexes

Configure which Splunk indexes receive data

Splunk field extraction

Define search-time field extraction rules for container logs

Splunk HTTP Event Collector

Configure SSL and connection settings for Splunk HEC

Prometheus metrics

Scrape Prometheus metrics from containers

Multiple clusters

Identify and differentiate multiple clusters in Splunk

Object polling

Poll Docker API for container and image data

License server

Distribute license keys across hosts from a central URL

Alerts

Predefined alerts for license, health, and container restarts

Troubleshooting

Run verify command and diagnose common issues

Release history

Changelog of all collectord and Splunk app releases

Upgrade

Step-by-step version upgrade instructions

Security

Image security, container privileges, and Docker API access