Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adding support to forward containers output to splunk via hec connector #340

Open
dbloms opened this issue Jun 1, 2022 · 8 comments
Open

adding support to forward containers output to splunk via hec connector #340

dbloms opened this issue Jun 1, 2022 · 8 comments

Comments

@dbloms
Copy link

dbloms commented Jun 1, 2022

We do currently use docker on Debian 11 and let the containers log on stdout through the
Splunk logging driver (https://docs.docker.com/config/containers/logging/splunk/) via HEC (https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector) into Splunk.

In term of docker-compose this gives us the possibility to configure Splunk-logging on a per deployment basis, which is very comfortable as well as independent of any central configuration.

We would like to move to Podman on RHEL8 servers. Everything works fine so far, but we didn't find a way to log stdout of the containers via the HEC interface into Splunk, as the currently available podman version 4 does not provide such a splunk logging driver.

Is there a solution on the part of Podman to log the output of the containers into Splunk.

If not, is it possible to commission a corresponding development against payment?

I opened a feature request in the podman repo and I was told to open the request in this repo.
@chillout2k
Copy link

@dbloms: we do also use the the splunk logging driver in our docker deployments and we would be very pleased if podman would support it too. From my point of view this logging driver is an important feature to make podman a real drop-in-replacement for docker in (splunk-specific) production environments.

Thanks in advance :)

@andreasschulze
Copy link

this would be valueable also for me

@rhatdan
Copy link
Member

rhatdan commented Jun 1, 2022

This seams reasonable to me. Do we do this in conmon or conmon-rs is the question?
@haircommander @vrothberg @mheon @wdyt?

@haircommander
Copy link
Collaborator

I think adding in conmon-rs would be easier (assuming podman integration happens in a timely manner).

@chillout2k
Copy link

@haircommander, @rhatdan: ping ;-)

Is it possible to push this feature request? @dbloms offered to pay for it if possible 👍

This might be interesting too: moby/moby#16207

@rhatdan
Copy link
Member

rhatdan commented Jun 12, 2022

You should open the issue in conmon-rs

@dbloms dbloms mentioned this issue Jun 21, 2022
Open
@mehdik2023
Copy link

As mentioned in conmon-rs issue, am trying to raise this feature request in the list.

@Petaris
Copy link

Petaris commented Oct 8, 2024

This is also an issue for us. We currently use this feature in Docker and would not like to loose it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@rhatdan @Petaris @haircommander @dbloms @andreasschulze @chillout2k @mehdik2023