
File output sink? #52

sokoow opened this Issue Jan 17, 2018 · 3 comments



sokoow commented Jan 17, 2018

Hi All,

Very cool project. One thing I'd find useful would be a file sink, so I can then follow files in Splunk. Would this be much to do? Also, if you've no time, I'd like to write it - how do I even start?



SEJeff commented Mar 5, 2018

@sokoow you can just have splunk hoover up /var/log/containers/eventrouter*. We do this with our on-premise splunk + k8s and it works just fine. We use the glog sync and it logs to stdout for the eventrouter logs.



queimadus commented Jun 26, 2018

How do you guys deal with files in var/log/containers being symlinks (to /var/log/pods and to /var/lib/docker/containers)?

@SEJeff do you mount all these directories inside your splunk container for it to hoover?



SEJeff commented Jun 27, 2018

@queimadus we simply install and config splunk in the host operating system without a container. It would be trivial enough to volume mount those directories into a container if you're running on a host operating system such as Fedora CoreOS / Container Linux / RHEL Atomic Host however.
