Docker Simple TA

Splunk Cloud
Docker monitoring designed for simple and small docker environments.

Free and does not require CollectD

This is the technology add-on component which contains the data inputs, parsing and search time knowledge objects. See the "Docker Simple" app for some dashboards that use the data from this technology add-on.



This TA will collect metrics from the docker host using commands such as docker stats and docker ps.
It is called "docker simple" because it is suited for small, simple docker environments.
I created this app because I needed to monitor my home docker environment and I couldn't figure out how to do it in a simple manner.
The app is a fork of this: https://github.com/splunk/docker-itmonitoring/tree/master/ta-dockerstats

If you have Docker swarms, use Kubernetes, or have anything remotely complex, then you should instead consider using a different solution, such as:
- Outcold add-on here: https://splunkbase.splunk.com/app/3723/ (Note: this is a paid app)
- CollectD to a HTTP Event Collector input (More info in Marc's 2017 .conf talk at bottom of this page)
- Splunk official: https://github.com/splunk/splunk-connect-for-kubernetes
- Whatever else you can find...

Contents and requirements

This app contains a couple of shell scripts for data collection, some inputs that are disabled by default, some parsing properties and some search-time field extractions.
This app does not require Python, but the inventory script does use the "jq" command-line tool. This comes by default on most Linux environments.
The shell scripts call docker commands, and by default these are restricted to root. As such, you will need to run the UF as root or come up with your own solution (see: https://docs.docker.com/engine/install/linux-postinstall/; also see the note below about running in a container).
This TA does not require changing the default container logging agent and reads the JSON logs directly. There is a disabled input to read the default docker logs from the default location of /var/lib/docker/containers/*/*json.log.


Typically you would run this TA on a universal forwarder, probably via a deployment server. In any case, like most other TAs, you should do this:
1. Create an index to receive your data
2. Install this TA onto your Search Head(s)
3. Install this TA onto your Indexer/s or heavy forwarder/s (that is, if your data goes through a heavy forwarder)
4. Create a local/ folder in this TA
5. Copy default/inputs.conf.example to local/
6. Rename it to "inputs.conf"
7. Edit the file and set:
   - Which inputs will not be disabled
   - The index to send the data to
   - Your desired polling rate
8. Save the TA (if necessary, deploy it) and restart the UF.
9. Optionally get and install the pre-canned dashboards in the "Docker Simple" app: https://splunkbase.splunk.com/app/4467/

Collecting metrics from within a container

It is possible to collect metrics from within a docker container if you mount the docker socket like so: -v /var/run/docker.sock:/var/run/docker.sock and also install the docker CLI tools into the container.
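
The inventory approach described on this page, as an added example (not the TA's own script): a jq filter over `docker inspect` output that copies only allow-listed fields, so environment variables are never emitted, keeps containers that have no mounts, and flags containers that mount the docker socket. The function names, event field names and sample JSON are constructed for illustration.

```sh
#!/bin/sh
# Added example: allow-listed container inventory built from `docker inspect` JSON.
# Function names and event field names are hypothetical, not the TA's.

# Constructed sample input (not real containers or credentials).
sample_inspect() {
cat <<'EOF'
[
 {"Id":"1111111111111111aaaa","Name":"/db",
  "Config":{"Image":"postgres:13","Env":["POSTGRES_PASSWORD=example-not-real","PATH=/usr/bin"]},
  "Mounts":[{"Source":"/srv/pg","Destination":"/var/lib/postgresql/data","RW":true}]},
 {"Id":"2222222222222222bbbb","Name":"/uf",
  "Config":{"Image":"example/forwarder:1","Env":["SPLUNK_PASSWORD=example-not-real"]},
  "Mounts":[{"Source":"/var/run/docker.sock","Destination":"/var/run/docker.sock","RW":true}]},
 {"Id":"3333333333333333cccc","Name":"/web",
  "Config":{"Image":"nginx:1.19","Env":null},
  "Mounts":[]}
]
EOF
}

# Read `docker inspect` JSON on stdin, write one compact JSON event per container.
# Only named fields are copied, so Env values can never reach the index;
# env_count keeps the count of variables without their contents.
# `.Mounts[]?` inside [...] yields [] for a container with no mounts,
# so that container still produces an event.
inventory_events() {
  jq -c '.[] | {
    id: (.Id[0:12]),
    name: (.Name | ltrimstr("/")),
    image: (.Config.Image),
    env_count: ((.Config.Env // []) | length),
    mounts: [.Mounts[]? | {src: .Source, dst: .Destination, rw: .RW}],
    docker_sock: (any(.Mounts[]?; (.Source // "") | endswith("/docker.sock")))
  }'
}

# From inventory events on stdin, print the names of containers
# that have the docker socket mounted.
socket_mounters() {
  jq -r 'select(.docker_sock) | .name'
}

# Live use would be: docker inspect $(docker ps -aq) | inventory_events
sample_inspect | inventory_events
```

A container that appears in the `socket_mounters` output can issue any command to the Docker daemon on the host, so that list is worth reviewing alongside the metrics.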


Thank you to Marc Chéné who did most of the original work on which this TA is based.
Go watch his conf talk here: https://conf.splunk.com/conf-online.html?search=IT123634#/


Copyright (C) 2019 Chris Younger
I am a Splunk Professional Services consultant working for JDS Australia (https://www.jds.net.au), in Brisbane Australia.

Third party software

The following third-party libraries are used by this app. Thank you!

Release Notes

Version 1.1.3
Feb. 8, 2021

v1.1.3 - Update docker_simple_inventory.sh script so it no longer includes environment variables (because they often include plain text passwords) (Thank you securitypimp)

v1.1.2 - Fix regex for new docker stats format (Thank you JRitzer)

v1.1.0 - Fix bug where containers with no mounts would not appear. (Thank you DVeneziano)

Version 1.1.2
June 16, 2020

v1.1.2 - Fix regex for new docker stats format (Thank you JRitzer)
v1.1.0 - Fix bug where containers with no mounts would not appear. (Thank you DVeneziano)

Version 1.1.1
June 15, 2020

v1.1.1 - Fix regex for new docker stats format (Thank you JRitzer)
v1.1.0 - Fix bug where containers with no mounts would not appear. (Thank you DVeneziano)

Version 1.1.0
Jan. 2, 2020

- Fix bug where containers with no mounts would not appear. (Thank you Davide Veneziano)

Version 1.0.0
April 16, 2019
