This repository has been archived by the owner. It is now read-only.
Splunk Light with Docker Dashboards

IMPORTANT: Please look at our solutions for collecting logs and metrics from Docker and Kubernetes: https://www.outcoldsolutions.com. The current repo is not supported.

Supported tags

  • latest

Introduction

NOTE: I'm working at Splunk, but these are not official Splunk images. I build them in my free time when I'm not at work. I have some knowledge about Splunk, but you should think twice before putting them in production. I run these images on my own home server just for my personal needs. If you have any issues - feel free to open a bug.

A Dockerfile to build a Splunk Light image with predefined dashboards that work great with docker-stats-splunk-forwarder.

Version

  • Splunk Light: latest

Installation

Pull the image from the Docker registry. This is the recommended method of installation because it makes the image easier to update. These builds are performed by the Docker Trusted Build service.

docker pull outcoldman/docker-stats-splunk:latest

Alternatively, you can build the image locally.

git clone https://github.com/outcoldman/docker-stats-splunk.git
cd docker-stats-splunk
docker build --tag="$USER/docker-stats-splunk" .

Quick Start

To start the containers manually (see the descriptions of the outcoldman/splunk and outcoldman/docker-stats-splunk-forwarder images for more details):

docker run --name vsplunk \
    -v /opt/splunk/etc \
    -v /opt/splunk/var \
    busybox
docker run --hostname splunk \
    --name splunk \
    --volumes-from=vsplunk \
    -p 8000:8000 \
    -d outcoldman/docker-stats-splunk:latest
docker run --hostname dockerforwarder \
    --name dockerforwarder \
    --link=splunk \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
    -e "SPLUNK_FORWARD_SERVER=splunk:9997" \
    -d outcoldman/docker-stats-splunk-forwarder:latest

Or, if you use docker-compose:

vsplunk:
  image: busybox
  volumes:
    - /opt/splunk/etc
    - /opt/splunk/var

splunk:
  image: outcoldman/docker-stats-splunk:latest
  hostname: splunk
  volumes_from:
    - vsplunk
  ports:
    - 8000:8000

dockerforwarder:
  image: outcoldman/docker-stats-splunk-forwarder:latest
  hostname: dockerforwarder
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
  links:
    - splunk
  environment:
    - SPLUNK_FORWARD_SERVER=splunk:9997
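
A check to run over the compose file above before using it outside a home lab, as an added example that is not part of this repository: it flags images not pinned to a version or digest, ports published on every host interface, and mounts of the Docker socket, whose :ro flag does not limit what a client can ask the Docker API to do. The function names and finding labels are assumptions made for this example, and the sample input is the README's compose file, abridged.

```shell
#!/bin/sh
# Added example, not part of the repository: audit a docker-compose file
# (v1 format, as in this README) for three settings used in the quick start.

# Constructed sample: the README compose services, abridged.
sample_compose() {
cat <<'EOF'
vsplunk:
  image: busybox
splunk:
  image: outcoldman/docker-stats-splunk:latest
  volumes_from:
    - vsplunk
  ports:
    - 8000:8000
dockerforwarder:
  image: outcoldman/docker-stats-splunk-forwarder:latest
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
  links:
    - splunk
EOF
}

# Reads compose YAML on stdin; prints "<service> <FINDING> <value>" per issue.
audit_compose() {
  awk '
    function report(finding, value) { print svc, finding, value }
    # Top-level key with no value: start of a service definition.
    /^[A-Za-z0-9_-]+:[ ]*$/ { svc = $1; sub(/:$/, "", svc); key = ""; next }
    /^  image:/ {
      name = $2; sub(/.*\//, "", name)      # drop registry and namespace
      if ($2 ~ /@sha256:/) next             # pinned by digest
      if (name !~ /:/ || name ~ /:latest$/) report("UNPINNED_IMAGE", $2)
      next
    }
    /^  [a-z_]+:/ { key = $1; sub(/:$/, "", key); next }
    /^    - / {
      val = $2; gsub(/"/, "", val)
      # ":ro" protects the socket file, not the Docker API behind it.
      if (key == "volumes" && val ~ /docker\.sock/) report("DOCKER_SOCKET", val)
      # No host IP in the mapping: published on every host interface.
      if (key == "ports" && val ~ /^([0-9]+:)?[0-9]+$/) report("PORT_ALL_INTERFACES", val)
    }
  '
}

sample_compose | audit_compose
```

A mapping such as 127.0.0.1:8000:8000 and an image reference with a fixed tag or an @sha256 digest pass the check; the socket mount is always reported because the forwarder needs it and it should be a conscious decision.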

Configuration

See docker-splunk for more details.

Examples

Open Splunk (port 8000 is used by default for the web interface) and go to Dashboards, where you will see 2 dashboards.

Docker

  • CPU% (800% because of 8 cores)
  • Memory Usage (one line is the maximum limit, another is how much is used right now)
  • CPU usage per container
  • Memory Usage per container (% of limit)
  • Network Input per container
  • Network Output per container
  • Disk Input per container
  • Disk Output per container
  • Last Events (excluding top as I query it regularly)
  • Top processes from all containers

[Screenshot: Splunk Docker Dashboard 01]

[Screenshot: Splunk Docker Dashboard 02]

Docker container

  • Top processes
  • Last events

[Screenshot: Splunk Docker Dashboard per container]
