splunkuniversalforwarder:
  image: splunk/universalforwarder
  environment:
    - SPLUNK_START_ARGS=--accept-license
    - SPLUNK_FORWARD_SERVER=ops-splunkhead02.dop.sfdc.net:9997
    - SPLUNK_USER=root
    - SPLUNK_PASSWORD=xxxx
  ports:
    - 9997:9997
I store the log file in /var/logs/serviceLog.log
(not in the container, but on the local machine).
I don't see the parameter to pass the file path. It seems like the Splunk forwarder is running in the background, and I just realized I never passed the log source variable to the container!
Does anyone perhaps have an idea?
You will need to add the SPLUNK_ADD directive to your sample to specify the behavior.
You can use the Docker image documentation to see multiple examples.
I wrote a ready-to-use Splunk Docker bootstrap project that uses SPLUNK_ADD to collect logs.
A short extract:
SPLUNK_ADD_2: 'monitor /var/log/app2/ -index docker_file -sourcetype _json'
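
Putting the question and the answer together, as an added example that is not part of the original posts or of the answerer's project: the host log directory has to be mounted into the container before SPLUNK_ADD can monitor it. The index name `main` and the sourcetype `service_log` are assumed values; the mount is read-only so the forwarder cannot modify the host's logs.

```yaml
splunkuniversalforwarder:
  image: splunk/universalforwarder
  environment:
    - SPLUNK_START_ARGS=--accept-license
    - SPLUNK_FORWARD_SERVER=ops-splunkhead02.dop.sfdc.net:9997
    - SPLUNK_USER=root
    - SPLUNK_PASSWORD=xxxx
    # Added: tell the forwarder which path to monitor (path as seen inside the container).
    # Index and sourcetype are assumptions; the index must exist on the receiving indexer.
    - "SPLUNK_ADD=monitor /var/logs/serviceLog.log -index main -sourcetype service_log"
  volumes:
    # Added: expose the host log directory to the container, read-only.
    # Mounting the directory rather than the single file keeps the monitor
    # working when the log is rotated and the file is replaced.
    - /var/logs:/var/logs:ro
  ports:
    - 9997:9997
```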