Docker 1.13 with improved Splunk Logging Driver

The evolution of Splunk and Docker continues! In the early days (2015) of Splunk and Docker we recommended using the native syslog logging driver in Docker Engine. In February of 2016, Docker 1.10 came out and we contributed the first version of the Splunk Logging Driver in Docker 1.10. Since that first release we have seen huge adoption. After reviewing feedback and thinking about what is needed for Splunk environments with Docker, we’ve added a bunch of new features!

When I wrote this blog post, Docker 1.13 was still in Release Candidate stage. If …


Splunk Logging Driver for Docker

With Splunk 6.3 we introduced HTTP Event Collector which offers a simple, high volume way to send events from applications directly to Splunk Enterprise and Splunk Cloud for analysis. HTTP Event Collector makes it possible to cover more cases of collecting logs including from Docker. Previously I blogged on using the Splunk Universal Forwarder to collect logs from Docker containers.

Today, following up on Docker’s press release, we’re announcing early availability in the Docker experimental branch of a new log driver for Splunk. The driver uses the HTTP Event Collector to allow forwarder-less collection of your Docker logs. If you are not yet familiar with the Event Collector, check out this blog post.

You can get the new Splunk Logging


Collecting docker logs and stats with Splunk

I’m working at Splunk, but these are my personal thoughts. I have some knowledge about Splunk obviously, but you should not consider this an official Splunk manual. Everything I did here, I did only for my personal needs and in my free time.

You cannot really feel safe about the services you run if you don’t monitor them. There are plenty of great tools which allow you to monitor your Docker environments, like cadvisor and some other cloud solutions. I did not want to use cloud solutions, because they can also upload some sensitive information, like environment variables, where I could keep passwords for AWS backups. So I wanted to use something like cadvisor, but with historical information and …


How to debug Django applications with pdb, PyCharm, and Visual Studio

Using a debugger is a common way to find out what is wrong with your application, but debugging a Django application in Splunk might not be so obvious. But it is possible, and I’ll show you how using pdb, PyCharm, and Visual Studio.

Disclaimer: Don’t try this in a production environment.

Python interpreter

Splunk ships with a Python interpreter. To launch it, use the splunk cmd command (see Command line tools for use with Support):


Windows

%SPLUNK_HOME%\bin > splunk.exe cmd python

Mac OS / Linux

$SPLUNK_HOME/bin $ ./splunk cmd python

To help run this command, let’s create a couple of small shell scripts under $SPLUNK_HOME/bin:

Windows (save it as python_splunk.cmd)

"%~dp0\splunk.exe" cmd python %*

Mac OS / Linux


My experience of building Splunk application

I joined Splunk a couple weeks ago and my first challenge was to learn everything I could about how to build Splunk applications. The best way of doing that is just to write your own application – and this is exactly what I did.

The application I wrote contains two parts. The first part is a very simple scripted input for Firebase; the second part is built with the Splunk Web Framework and shows you objects and their routes on Google Maps using either real-time or playback historic information.

I hope that my experience can give you some thoughts about how you can extend Splunk for your needs.…
