Outcold Solutions LLC

Monitoring Docker - Version 5

Upgrade instructions

Upgrade from version 3 to 5

1. Upgrade application

Download version 5 from SplunkBase and upgrade it in Splunk. Or perform in-place upgrade if you have downloaded our application from the app browser in Splunk.

2. Upgrade collector

Upgrade collector in your configuration (compose file or any other way you deploy collector) to latest version outcoldsolutions/collectorfordocker:5.12.272.

Update your configuration:

  • Since version 5 we map docker root folder (/var/lib/docker/:/rootfs/var/lib/docker/) instead of containers folder (/var/lib/docker/containers/:/rootfs/var/lib/docker/containers/). This change allows us to auto-discover application logs.
  • Since version 5 we map all host folders under /rootfs inside the container. Verify how you map the folders, compare to our Installation instructions.
  • Since version 5 the default configuration file located in /config/001-general.conf instead of /config/collector.conf. If you used to override the configuration, please read the configuration page and update your configuration files.

Upgrade from version 5.0 to 5.1

Version 5.1 is a minor upgrade, that includes Performance improvements, Usability improvements, and capability of forwarding Network Metrics. For more details, please read Release History.

Network metrics are defined under input.net_stats (metrics) and input.net_socket_table (table of network connection). If you override indexes for various types of data, make sure to update these metrics as well.

Upgrade from version 5.1 to 5.2

Version 5.2 is a minor upgrade, that includes Performance improvements, Usability improvements, and capability of forwarding Docker and Kubelet runtime storage metrics (one additional event per host once in 30 seconds). For more details, please read Release History.

Mount metrics are defined under input.mount_stats. If you override indexes for various types of data, make sure to update these metrics as well.

Additionally we introduced devnull output, that allows you to disable collection of logs or metrics for specific containers.

With version 5.2 we predefined several alerts, that can help you to monitor the health of your clusters and performance of your applications.

Upgrade from version 5.2 to 5.3

Version 5.3 is a minor upgrade. Simple upgrade the Splunk application and the image. In the configuration file, you can find one new key group for [input.net_socket_table], that can significantly reduce licensing cost for the network socket table data.

Upgrade from version 5.3 to 5.4

Upgrade the application in Splunk and collectorfordocker. No additional configurations has been added.

Upgrade from version 5.4 to 5.5

Upgrade the application in Splunk and collectorfordocker. No additional configurations has been added.

Upgrade from version 5.5 to 5.6

Upgrade the application in Splunk and collectorfordocker. There are few parts in ConfigMap are new. You have not put them in your configuration, only if you are intending to use them.

  1. Under [input.files:*] two new keys samplingPercent and samplingKey for enabling sampling.

  2. The output [output.splunk] can now limit by the number of events in payload with events key.

Upgrade from version 5.6 to 5.7

Upgrade the application in Splunk and collectorfordocker. New input is implemented input.journald, see configuration. If you have journald enabled and also forwarding messages to /var/log/messages or /var/log/syslog files, to make sure that you aren't going to forward the same host logs twice you can disable rsyslog on the system (or any other alternative) and specify from what timestamp you want Collectord to pick up journald logs

--env "COLLECTOR__JOURNALD_START=input.journald__startFromRel=-1h" \

To disable journald input

--env "COLLECTOR__JOURNALD_DISABLED=input.journald__disabled=true" \

Upgrade from version 5.7 to 5.8

Upgrade the application in Splunk and collectorfordocker. No additional configurations has been added.

Upgrade from version 5.8 to 5.9

Upgrade the application in Splunk and collectorfordocker. See release notes for the new features (including capabilities to stream API Objects and support for multiple Splunk Clusters).

Upgrade from version 5.9 to 5.10

Upgrade the application in Splunk and collectorfordocker.

Upgrade from version 5.10 to 5.11

Upgrade the application in Splunk and collectorfordocker.

Upgrade from version 5.11 to 5.12

Upgrade the application in Splunk and collectorfordocker. Monitoring Docker application version 5.12 is backward compatible with the previous version of collectorfordocker. Stats input.system_stats have dedicated values for disabled, type and output. For backward compatibility Collectord accepts unified values from previous configurations. In the application there are two new macros macro_docker_stats_host and macro_docker_stats_cgroup, for backward compatibility they depend on the macro_docker_stats macro. Several inputs have new types, including input.system_stats, input.proc_stats and input.net_stats.


About Outcold Solutions

Outcold Solutions provides solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. We offer certified Splunk applications, which give you insights across all containers environments. We are helping businesses reduce complexity related to logging and monitoring by providing easy-to-use and deploy solutions for Linux and Windows containers. We deliver applications, which help developers monitor their applications and operators to keep their clusters healthy. With the power of Splunk Enterprise and Splunk Cloud, we offer one solution to help you keep all the metrics and logs in one place, allowing you to quickly address complex questions on container performance.