icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Monitoring Docker - Metrics and Log Forwarding
SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_510250.tgz) 91a6e7f3dada8cf8240e12daf82843da925b9df8a3249108f38152b49a980e5c SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_59240.tgz) 38ecd6fd6f15c4d5ae610551fb3af22a9b421c7f2bea7232910bce8a76623592 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_58231.tgz) a3a6ca6282a3b77684e75c2eb9ccdde1a7335601dc6c7e410315835ed1677678 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_58230.tgz) 24fd0a87013de6b964aa4677c7723b18f397d7d997eac38898ebdf2f564b4f20 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_57220.tgz) 5138e5fcf1680c059b14fe84971b4f4c81faa70b83e1d17832f0707b0c650817 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_56212.tgz) 6f6598942102bd1df47c773af73b0a57cd930aea891f1a7e334b247a5565d04d SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_55202.tgz) 95edf0c47fa268be29d26f7bb9ee68ce8db95a1f8462eb2dea469995f5523a55 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_54201.tgz) af460b5f61c8308d86415e48f4f1e52e87460976aed04186912dcbdd2ff9c91e SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_54200.tgz) 1ee1297cc3ad83c1f04c2aab17fe001225aca2cb63c2edf40bd84e11d2813c89 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_53190.tgz) 566c37e305192f87e1b3d08864f114b5f9550303d9d6567c506481b0ed84579a SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_52180.tgz) c00da4f2f492443788cd6b371edd33e393ab747caa57391e42ae8d9d6cc72cff SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_52176.tgz) 8a85fb372841c3e27002b340d8e208c33dd6686ccd7f7d6a2206161938352263 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_51175.tgz) 33e8f894b725ae0ebbb61222153d7d08b57354c6be9879b8d2ae4716d6396fe8 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_50174.tgz) dcbd1fb5db5e42da31f10229f0916dac64d6348e9a0330ebb125347264d73040 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_3022.tgz) feec31fb5c108d14e6b999b5abbfc25cc0ac83aec91e366cab348fa6abe5bcbb SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_2121.tgz) 126ca8f51519ed989c6a36d91cd355c14260b0fcf62d7b12e9d6ac5512b63db1 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_2118.tgz) d88928aa59bbcd2fa01315d35fb71c59572c19af6ce1050f2378aba66596293d SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_2017.tgz) 4a758677ad003402ba3ed45cb8933723435a0d26b40be417cd94421ceb9eb397 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_103.tgz) 0cd2887383baf703881620eb1e2c7930090e789ae2ff17912565df1c63cf112e SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_101.tgz) 3f4e7ac4322c2d5d8816b394d1418c7aab1ea6d378f4ff91c1af64ee8cd58472 SHA256 checksum (monitoring-docker-metrics-and-log-forwarding_10.tgz) 6308eef0d24b0bc6acac5c0cf38c6370c135a51534a9b3dead5b0b52945797e5
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Monitoring Docker - Metrics and Log Forwarding

Splunk AppInspect Passed
Overview
Details
Focus on your applications, we will take care of infrastructure monitoring and logs forwarding.

Use cases

- Application Monitoring
- Log Aggregation
- Cluster Health Monitoring
- Security and Audit
- Reduce complexity and improve productivity

With 10 minutes setup, you will get a monitoring solution, that includes log aggregation, performance and system metrics, metrics from the control plane and application metrics, a dashboard for reviewing network activity, and alerts to notify you about cluster or application performance issues.

An application requires Collectord built by Outcold Solutions, see https://www.outcoldsolutions.com/docs/monitoring-docker/

Overview

Outcold Solutions provide solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. We offer Splunk applications, which give you insights across all containers environments. We are helping businesses to reduce complexity related to logging and monitoring by providing easy-to-use and deploy solutions for Linux and Windows containers. We deliver applications to help developers monitor their applications and operators to keep their clusters healthy. With the power of Splunk Enterprise and Splunk Cloud, we offer a unique solution to help you keep all the metrics and logs in one place, allowing you to quickly address complex questions on container performance and cluster health.

Description

We provide solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. With 10 minutes setup, you will get a monitoring solution, that includes log aggregation, performance and system metrics, metrics from the control plane and application metrics, a dashboard for reviewing network activity, and alerts to notify you about cluster or application performance issues.
All our solutions are powered by the Collectord, a container-native software built by Outcold Solutions that provides capabilities for discovering, transforming and forwarding logs, collecting system metrics, collecting metrics from the control plane of the orchestration frameworks and forwarding network activity. Collectord provides flexible and powerful tools for transforming logs. With our software you can hide sensitive information from the loglines before forwarding them. With Collectord you can reduce the licensing costs associated with logging aggregation by choosing which data you want to forward from the log streams. Collectord forwards container logs, host logs and can discover logs written by the containerized applications.

Use cases

Application Monitoring

See detailed metrics from containers and processes, including performance metrics, utilization metrics and security insights. Forward application-specific metrics, exported in Prometheus format. Use prebuilt Splunk dashboards for a comprehensive overview.

Log Aggregation

Aggregate logs from containers, applications, and servers. Use flexible mappings to filter logs enriched with container metadata, correlate logs with metrics, and leverage Splunk capabilities for analyzing logs. Use Collectord to transform logs before they reach Splunk, remove sensitive information, remove PII data to help keep your logs GDPR compliant. With Collectord you can reduce licensing and storage costs by choosing which loglines you want to forward.

Cluster Health Monitoring

Diagnose cluster issues by looking at historical events, monitoring allocations, and regulating cluster capacity. Leverage pre-built alerts for monitoring the health of the clusters out of the box.

Security and Audit

Define access to the data by clusters, namespaces and even pods or containers. Review network activities, happening inside your cluster, and outside connections. Verify containers running with elevated security permissions. Use audit logs for monitoring changes in deployments.

Reduce complexity and improve productivity

Use one tool to collect and forward logs and metrics required by developers for reviewing performance and health of their applications. With the annotations developers can define how they want to see the data in log aggregation tool, specify multiline log patterns, removing terminal escape codes, override types, sources and indexes.

Links

Release Notes

Version 5.10.250
June 15, 2019

- Cluster field filters
- Base macro for overriding macros for other macros

Collectord updates:

- Support for volatile and persistent journald storage with default configuration
- Updated YAML configuration to include most common resources
- Better support for overriding sourcetype, that does not require to update the Splunk macros
- Bug fix: rarely when collectord fails to post to HEC it can panic
- Bug fix: better support for OpenShift 4.x and CRI-O storage
- Bug fix: space characters in index annotations can break the pipeline

Version 5.9.240
May 13, 2019

5.9.240 - 2019-05-14
--------------------------------------------------------------------------------
Requires collectorfordocker version 5.9.240 or above (see https://www.outcoldsolutions.com for latest configuration)

- Visual improvements on the graphs for the number of logs and events

Collectord updates:

- Support for multiple Splunk destinations (outputs)
- Support subdomains for annotations (to deploy multiple collectord instances)
- Bug fix: journald input keeps fd open to the rotated files
- Bug fix: fix in the annotation parser for the interval annotations
- Bug fix: fix splunk url selection configuration for multiple splunk URLs

Version 5.8.231
April 25, 2019

5.8.231 - 2019-04-25
--------------------------------------------------------------------------------
- Bug fix: Collectord usage report shows trial licenses for all instances

Version 5.8.230
April 20, 2019

5.8.230 - 2019-04-22
--------------------------------------------------------------------------------
Requires collectorfordocker version 5.8.230 or above (see https://www.outcoldsolutions.com for latest configuration)

- Bug fix: Swarm dashboard does not render containers, when namespace field is not available.
- Use multiselect filters for most dashboards and filters with possibility to input custom filters.
- Reduce dedup usage to improve performance on dashboards.

Collectord updates:

- Bug fix: clogging collectord output with errors when incorrect index is used.
- Bug fix: short lived containers can results in duplicating logs.
- Bug fix: clogging collectord output with warnings when kernel reports incorrect VmRss size.
- Bug fix: annotations cannot override timestamp location for fields extraction.
- Bug fix: verify command reports Journald input in incorrect place.
- Better support for cgroup symlinks, automatically discover correct location.

Version 5.7.220
March 16, 2019

Requires collectorfordocker version 5.7.220 or above (see https://www.outcoldsolutions.com for latest configuration)

- Review savedsearches/alerts to support indexing delay (start searches from 2 minutes behind) and run them in more random time.
- Fixed single value memory panel on host dashboard (missed span)
- Use SEGMENTATION=none for stats events to use less disk space (needs to me moved to indexers)

Collectord updates:

- Support hostname formatting with environment variables in configuration
- New rotated file logic uses less file descriptors and frees rotated files quicker
- Allow to specify a default sampling value for container logs
- Reimplemented shutdown sequence to stop collectord faster
- Allow to override sampling percent with annotations
- New Input: journald

Version 5.6.212
Feb. 19, 2019

5.6.212 - 2019-02-19
--------------------------------------------------------------------------------
Requires collectorfordocker version 5.6.212 or above (see https://www.outcoldsolutions.com for latest configuration)

- New: Alert: high CPU usage on the host.
- Fixed: Splunk usage dashboard - charts do not show the data, when the used indexed aren't searchable by default.
- New: Support Dark theme.
- New: Free text search in Logs dashboard.
- New: Add auto-refresh options to the dashboard.
- Fixed: Revisited CPU limits and requests for Pods and Containers.


Read more https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/

Version 5.5.202
Jan. 23, 2019

5.5.202 - 2019-01-24
--------------------------------------------------------------------------------
Requires collectorfordocker version 5.5.202 or above (see https://www.outcoldsolutions.com for latest configuration)

- New: Dashboard Services -> AWS ECS. Review containers running as an ECS Service.
- New: Dashboard Services -> Swarm Services. Review containers running as a Swarm Service.

Collectord updates:
- Fixed: Interval 0 in Prometheus input can crash the collectord.
- Fixed: When both glob and match are set for the application logs, the glob pattern can block the match pattern from
finding the files in the volume.

Version 5.4.201
Dec. 20, 2018

5.4.201 - 2018-12-19
--------------------------------------------------------------------------------
Requires collectorfordocker version 5.4.201 or above (see https://www.outcoldsolutions.com for latest configuration)

- Fixed: Alerts for licenses issued with AWS Subscriptions

Collectord updates:
- Fixed: Better handling rotated files (less open fd)
- Fixed: Events input can hang in the err loop.

Version 5.4.200
Dec. 16, 2018

5.4 - 2018-12-17
--------------------------------------------------------------------------------
Requires collectorfordocker version 5.4 or above (see https://www.outcoldsolutions.com for latest configuration)

- Compatibility update for collectord 5.4.

Collectord updates:
- New: Attach EC2 metadata fields
- New: Basic Auth for Proxy (License Server and Splunk)
- Fixed: Collectord verifies reports CRI-O as unsupported runtime.
- Fixed: Rare crash on Prometheus metrics definition.
- Fixed: Better handling of acknowledgment database corruption.
- Fixed: When handling incorrect indexes, collectord can send index with an empty string, that Splunk recognize as an incorrect index

Version 5.3.190
Nov. 17, 2018

5.3 - 2018-11-19
--------------------------------------------------------------------------------
Requires collectorfordocker version 5.3 or above (see https://www.outcoldsolutions.com for latest configuration)

- New: Alert for showing when Collectord reports errors in Processing pipelines (as an example if it failed to extract fields).
- New: Alert for showing when Collectord reports warnings.
- New: Alert if lag in the indexing of the data.
- New: Splunk Usage (License usage, number of events) report under Setup.

Read more https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/

Version 5.2.180
Oct. 28, 2018

5.2.180 - 2018-10-28
- Fixed: lookup with alerts causing very often replication activities on SHC

5.2 - 2018-10-15
--------------------------------------------------------------------------------
Requires collectorfordocker version 5.2 or above (see https://www.outcoldsolutions.com for latest configuration)

- New: Review/Storage dashboard based on storage metrics.
- New: predefined alerts to help you monitor the health of the clusters and performance of the applications.
- Fixed: Performance improvements
...

For details https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/

Version 5.2.176
Oct. 15, 2018

5.2 - 2018-10-15
--------------------------------------------------------------------------------
Requires collectorfordocker version 5.2 or above (see https://www.outcoldsolutions.com for latest configuration)

- New: Review/Storage dashboard based on storage metrics.
- New: predefined alerts to help you monitor the health of the clusters and performance of the applications.
- Fixed: Performance improvements
...

For details https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/

Version 5.1.175
Sept. 17, 2018

- New: Network metrics (MB, Packets, Drops, and Errors) for host and containers.
- New: Network socket tables (list of the port that containers and hosts are listening on, connections to external resources).
- New: Network review dashboard to see the list of connection to public services and in private network.
- Improvement: Replace python-based lookup with a ​macro written with eval.
- Improvement: Visual improvement for showing when the object was Last Seen (highlighting and showing minutes ago).
...

For details:
https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/

Version 5.0.174
Sept. 4, 2018

Highlights:

- Support for Application logs
- Show Memory and CPU limits for container lists.
- Visual updates for the panels, highlighting high CPU and Memory usages

For more details

https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/

Version 3.0.22
Feb. 9, 2018

New security dashboard, CPU Shares, Quotas and Memory Limits monitoring.
A lot of of bug fixes and performance improvements.

Relese Notes: https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/#30-2018-02-07
Upgrade instructions: https://www.outcoldsolutions.com/docs/monitoring-docker/upgrade-2-to-3/
Requires collectorfordocker version 3.0 or above (see https://www.outcoldsolutions.com for latest configuration)

Version 2.1.21
Jan. 2, 2018

2.1.21 - 2018-01-02
--------------------------------------------------------------------------------
Requires collectorfordocker version 2.1.59.171209 or above

- Updated author and description

2.1.18 - 2017-12-09
--------------------------------------------------------------------------------
- Implemented collectors dashboard to track number of collectors, their versions
and used licenses.
- Fallback to the process IO statistics when blkio is not available.
- Fix IO statistic graphs, showed average, when sum should be used.
- [collector] Improved resistance for storage failures.
- [collector] License checks reporting.

Version 2.1.18
Dec. 10, 2017

2.1.18 - 2017-12-09
--------------------------------------------------------------------------------
Requires collectorfordocker version 2.1.59.171209 or above

- Implemented collectors dashboard to track number of collectors, their versions
and used licenses.
- Fallback to the process IO statistics when blkio is not available.
- Fix IO statistic graphs, showed average, when sum should be used.
- [collector] Improved resistance for storage failures.
- [collector] License checks reporting.

Version 2.0.17
Oct. 24, 2017

2.0 - 2017-10-22
--------------------------------------------------------------------------------
Requires collectorfordocker version 2.0.37.171023 or above

- Better labels support in Dashboards.
Collector has a breaking feature, replacing format for labels from
`docker_labels_LABEL1=VALUE1` to `docker_labels=[LABEL1=VALUE1,LABEL2=VALUE2]`.
- Process level metrics.
- Uptime for hosts and processes.
- Fields extraction and support in dashboards for docker daemon (setup
host logs collection with collector).
- New top-like dashboards allow to monitor Hosts/Containers/Processes in realtime.
- Improved dashboards navigation.
- Other bugs and improvements based on user feedback.

Version 1.0.3
Oct. 13, 2017

Updated links to official documentation on how to install collector.

Version 1.0.1
Sept. 23, 2017

- App Certification
- Fix layout, time/period synchronization between stat graphs

Version 1.0
Sept. 22, 2017

Initial release
Docker logs, metrics and events in one place

246
Installs
2,747
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2019 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.