0
    splunkuniversalforwarder:
        image: splunk/universalforwarder
        environment:
            - SPLUNK_START_ARGS=--accept-license
            - SPLUNK_FORWARD_SERVER=ops-splunkhead02.dop.sfdc.net:9997
            - SPLUNK_USER=root
            - SPLUNK_PASSWORD=xxxx
        ports:
            - 9997:9997

I store the log file in /var/logs/serviceLog.log (not in the container but on the local machine).

I don't see the parameter to pass the file path. It seems like the Splunk forwarder is running in the background, and I just realized I never passed the log source variable to the container!

Does anyone perhaps have an idea?

merry-go-round

1 Answer

0

You will need to add the SPLUNK_ADD directive to your sample to specify the behavior.

You can use the Docker image documentation to see multiple examples.

I wrote a ready-to-use Splunk Docker bootstrap project that uses SPLUNK_ADD to collect logs.

A short extract:

    SPLUNK_ADD_2: 'monitor /var/log/app2/ -index docker_file -sourcetype _json'

boly38
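
The answer applied to the question's setup, as an added example (not code from the question or from the answerer's project): the host log directory is bind-mounted read-only into the container, and SPLUNK_ADD points the forwarder at the mounted file. The container path `/host-logs`, the index `main` and the sourcetype `service_log` are assumptions; SPLUNK_ADD is used as the answer describes it.

```yaml
services:
    splunkuniversalforwarder:
        image: splunk/universalforwarder
        environment:
            - SPLUNK_START_ARGS=--accept-license
            - SPLUNK_FORWARD_SERVER=ops-splunkhead02.dop.sfdc.net:9997
            - SPLUNK_USER=root
            - SPLUNK_PASSWORD=xxxx
            # Path as seen INSIDE the container (see volumes below).
            # Index and sourcetype are placeholder values.
            - "SPLUNK_ADD=monitor /host-logs/serviceLog.log -index main -sourcetype service_log"
        volumes:
            # host path : container path : read-only.
            # The forwarder only reads the log, so it gets no write access
            # to the host directory. Mounting the directory rather than the
            # single file keeps the monitor working after log rotation
            # replaces serviceLog.log with a new file.
            - /var/logs:/host-logs:ro
        # No "ports:" entry: the forwarder opens an outbound connection to
        # SPLUNK_FORWARD_SERVER, so nothing has to be published on the host.
```

Without the `volumes` entry the container has its own filesystem and never sees `/var/logs/serviceLog.log` on the host, so a `monitor` path alone would match nothing.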