64° Adventures

Personal blog with posts about technology, security, photography, and travel

Docker loves Splunk

This article could have been about running Splunk Enterprise in a Docker container, but it is actually about sending logs from Docker containers to Splunk Enterprise on-premises or Splunk Cloud deployments. By default, Docker writes container logs as JSON-formatted data to the local filesystem. This is adequate for simpler systems, but log management (and viewing) becomes less practicable as they grow more complex. Sending Docker logs directly to the Splunk SIEM is one technique that makes life easier for the admins.
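As an added illustration (not configuration from the original post), here is a Docker daemon configuration that switches the default logging driver from the built-in `json-file` driver to Docker's `splunk` driver, which ships each log line to a Splunk HTTP Event Collector (HEC) endpoint. The hostname `splunk.example.internal`, the index name `docker`, and the token value are placeholders that must be replaced with the values of your own deployment; everything else uses the option names Docker's `splunk` driver actually accepts.

```json
{
  "log-driver": "splunk",
  "log-opts": {
    "splunk-url": "https://splunk.example.internal:8088",
    "splunk-token": "REPLACE-WITH-YOUR-HEC-TOKEN",
    "splunk-index": "docker",
    "splunk-sourcetype": "docker",
    "splunk-format": "json",
    "splunk-verify-connection": "true",
    "tag": "{{.ImageName}}/{{.Name}}/{{.ID}}",
    "labels": "app,env"
  }
}
```

Place this in `/etc/docker/daemon.json` and restart the daemon; `docker info --format '{{.LoggingDriver}}'` should then report `splunk`. The same options can be given per container with `docker run --log-driver=splunk --log-opt splunk-url=... --log-opt splunk-token=...` when only some workloads should go to Splunk. Two points worth keeping in mind: the file contains the HEC token, so restrict its permissions to root like any other credential file, and keep `splunk-verify-connection` at `true` and leave `splunk-insecureskipverify` unset so the driver refuses to start a container when it cannot reach Splunk over a properly validated TLS connection, rather than silently dropping its logs. Because the `json-file` driver is no longer in use, `docker logs` will not show output for containers started under this configuration; the events are read from the Splunk index instead.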