diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker
index 0659c33fb9..f2648f70c0 100644
--- a/contrib/completion/bash/docker
+++ b/contrib/completion/bash/docker
@@ -337,7 +337,7 @@ __docker_log_driver_options() {
 local journald_options="env labels"
 local json_file_options="env labels max-file max-size"
 local syslog_options="syslog-address syslog-facility tag"
- local splunk_options="splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url"
+ local splunk_options="env labels splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url tag"
 local all_options="$fluentd_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options"
diff --git a/daemon/logger/splunk/splunk.go b/daemon/logger/splunk/splunk.go
index 83c3e93984..246302ffc6 100644
--- a/daemon/logger/splunk/splunk.go
+++ b/daemon/logger/splunk/splunk.go
@@ -16,6 +16,7 @@ import (
 "github.com/Sirupsen/logrus"
 "github.com/docker/docker/daemon/logger"
+ "github.com/docker/docker/daemon/logger/loggerutils"
 "github.com/docker/docker/pkg/urlutil"
 )
@@ -29,6 +30,9 @@ const (
 splunkCAPathKey = "splunk-capath"
 splunkCANameKey = "splunk-caname"
 splunkInsecureSkipVerifyKey = "splunk-insecureskipverify"
+ envKey = "env"
+ labelsKey = "labels"
+ tagKey = "tag"
 )
 type splunkLogger struct {
@@ -50,9 +54,10 @@ type splunkMessage struct {
 }
 type splunkMessageEvent struct {
- Line string `json:"line"`
- ContainerID string `json:"containerId"`
- Source string `json:"source"`
+ Line string `json:"line"`
+ Source string `json:"source"`
+ Tag string `json:"tag,omitempty"`
+ Attrs map[string]string `json:"attrs,omitempty"`
 }
 func init() {
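Review bot: Dropping `ContainerID` from `splunkMessageEvent` removes the `containerId` field from every event, and the new `tag` field only carries a container ID while the operator keeps the default template (which the docs hunk describes as the 12-character form). Saved searches and alerts in Splunk that key on `containerId` will stop matching without any error, and with a custom `--log-opt tag` an event can no longer be tied back to a container ID at all, because the tag text is chosen by whoever starts the container. I would keep the `ContainerID` field with its existing `json:"containerId"` tag next to the new `Tag` and `Attrs` fields and keep assigning it in `Log`, or at least call out the schema change in the driver documentation.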
@@ -126,6 +131,13 @@ func New(ctx logger.Context) (logger.Logger, error) {
 nullMessage.SourceType = ctx.Config[splunkSourceTypeKey]
 nullMessage.Index = ctx.Config[splunkIndexKey]
+ tag, err := loggerutils.ParseLogTag(ctx, "{{.ID}}")
+ if err != nil {
+ return nil, err
+ }
+ nullMessage.Event.Tag = tag
+ nullMessage.Event.Attrs = ctx.ExtraAttributes(nil)
+
 logger := &splunkLogger{
 client: client,
 transport: transport,
@@ -146,11 +158,8 @@ func (l *splunkLogger) Log(msg *logger.Message) error {
 // Construct message as a copy of nullMessage
 message := *l.nullMessage
 message.Time = fmt.Sprintf("%f", float64(msg.Timestamp.UnixNano())/1000000000)
- message.Event = splunkMessageEvent{
- Line: string(msg.Line),
- ContainerID: msg.ContainerID,
- Source: msg.Source,
- }
+ message.Event.Line = string(msg.Line)
+ message.Event.Source = msg.Source
 jsonEvent, err := json.Marshal(&message)
 if err != nil {
@@ -201,6 +210,9 @@ func ValidateLogOpt(cfg map[string]string) error {
 case splunkCAPathKey:
 case splunkCANameKey:
 case splunkInsecureSkipVerifyKey:
+ case envKey:
+ case labelsKey:
+ case tagKey:
 default:
 return fmt.Errorf("unknown log opt '%s' for %s log driver", key, driverName)
 }
diff --git a/docs/reference/logging/splunk.md b/docs/reference/logging/splunk.md
index 8580cb9647..914387514d 100644
--- a/docs/reference/logging/splunk.md
+++ b/docs/reference/logging/splunk.md
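Review bot: The added `nullMessage.Event.Attrs = ctx.ExtraAttributes(nil)` in `New` stores the values of the selected labels and environment variables on the template message, so they are serialized into every event sent to the collector, and nothing in the code or the docs hunk warns that environment variables often hold credentials. I would add a comment above that line such as `// Attrs carries label and env values verbatim in every event; operators must not select secret-bearing variables.` and repeat the warning in the option table. The same map is then shared by reference with each shallow copy made by `message := *l.nullMessage` in the `Log` hunk, which is safe only while nothing writes to it after `New` returns; a short read-only note on the `Attrs` field would make that explicit. The bodies of `New` and `Log` both continue outside their hunks.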
@@ -32,16 +32,22 @@ You can set the logging driver for a specific container by using the You can use the `--log-opt NAME=VALUE` flag to specify these additional Splunk logging driver options: - - `splunk-token` required, Splunk HTTP Event Collector token - - `splunk-url` required, path to your Splunk Enterprise or Splunk Cloud instance - (including port and schema used by HTTP Event Collector) `https://your_splunk_instance:8088` - - `splunk-source` optional, event source - - `splunk-sourcetype` optional, event source type - - `splunk-index` optional, event index - - `splunk-capath` optional, path to root certificate - - `splunk-caname` optional, name to use for validating server - certificate; by default the hostname of the `splunk-url` will be used - - `splunk-insecureskipverify` optional, ignore server certificate validation +| Option | Required | Description | +|-----------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `splunk-token` | required | Splunk HTTP Event Collector token. | +| `splunk-url` | required | Path to your Splunk Enterprise or Splunk Cloud instance (including port and schema used by HTTP Event Collector) `https://your_splunk_instance:8088`. | +| `splunk-source` | optional | Event source. | +| `splunk-sourcetype` | optional | Event source type. | +| `splunk-index` | optional | Event index. | +| `splunk-capath` | optional | Path to root certificate. | +| `splunk-caname` | optional | Name to use for validating server certificate; by default the hostname of the `splunk-url` will be used. | +| `splunk-insecureskipverify` | optional | Ignore server certificate validation. | +| `tag` | optional | Specify tag for message, which interpret some markup. Default value is `{{.ID}}` (12 characters of the container ID). 
Refer to the [log tag option documentation](log_tags.md) for customizing the log tag format. | +| `labels` | optional | Comma-separated list of keys of labels, which should be included in message, if these labels are specified for container. | +| `env` | optional | Comma-separated list of keys of environment variables, which should be included in message, if these variables are specified for container. | + +If there is collision between `label` and `env` keys, the value of the `env` takes precedence. +Both options add additional fields to the attributes of a logging message. Below is an example of the logging option specified for the Splunk Enterprise instance. The instance is installed locally on the same machine on which the @@ -51,6 +57,12 @@ The `SplunkServerDefaultCert` is automatically generated by Splunk certificates. docker run --log-driver=splunk \ --log-opt splunk-token=176FCEBF-4CF5-4EDF-91BC-703796522D20 \ - --log-opt splunk-url=https://localhost:8088 \ - --log-opt splunk-capath=/opt/splunk/etc/auth/cacert.pem \ + --log-opt splunk-url=https://splunkhost:8088 \ + --log-opt splunk-capath=/path/to/cert/cacert.pem \ --log-opt splunk-caname=SplunkServerDefaultCert + --log-opt tag="{{.Name}}/{{.FullID}}" + --log-opt labels=location + --log-opt env=TEST + --env "TEST=false" + --label location=west + your/application