Exploring container logs using Splunk
Since the focus of this book has been exploring data using Splunk, let’s briefly talk about monitoring containers. Containers can introduce increased complexity in monitoring. Although they have positive attributes such as scalability, flexibility, and lower cost, troubleshooting can be very tricky. We’ll focus on Docker in this section. By default, Docker logs are stored in /var/lib/docker/containers/<container_id> on the host where container_id is running. In a simple scenario, we can use the following Docker command to fetch logs from a container:
docker logs <container_id>
We can determine the container_id property by using the docker ps command to list all the running containers. The docker logs command retrieves batches of container logs that are available at the time of execution. This method works for troubleshooting or monitoring small deployments. However, it will not work for situations where containers...
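The on-disk logs mentioned above can also be read directly, which is what a log forwarder does instead of calling docker logs. The following is an added example, not code from the book: it assumes Docker's default json-file logging driver, which writes one JSON record per line to <container_id>-json.log; the function names and sample records are constructed for illustration.

```python
import json
from pathlib import Path

# Default location given on the page: /var/lib/docker/containers/<container_id>
DOCKER_ROOT = Path("/var/lib/docker/containers")


def log_path(container_id, root=DOCKER_ROOT):
    """Path of the json-file driver's log for a full container ID (assumed layout)."""
    return Path(root) / container_id / f"{container_id}-json.log"


def read_events(lines):
    """Yield (time, stream, message) tuples from json-file log lines.

    The driver splits very long output lines into several records; only the
    last fragment ends in a newline, so fragments are joined per stream.
    Lines that are not valid records (e.g. a truncated final write) are skipped.
    """
    pending = {}  # stream -> (time of first fragment, text collected so far)
    for raw in lines:
        try:
            rec = json.loads(raw)
            text, stream, ts = rec["log"], rec["stream"], rec["time"]
        except (ValueError, KeyError, TypeError):
            continue
        first_ts, buf = pending.pop(stream, (ts, ""))
        buf += text
        if buf.endswith("\n"):
            yield first_ts, stream, buf.rstrip("\r\n")
        else:
            pending[stream] = (first_ts, buf)
    # Flush fragments that were still open at end of input.
    for stream, (first_ts, buf) in pending.items():
        yield first_ts, stream, buf


# Constructed sample records, not taken from a real container.
SAMPLE = [
    '{"log":"GET /health 200\\n","stream":"stdout","time":"2024-01-01T10:00:00.000000001Z"}',
    '{"log":"stack trace part 1 ","stream":"stderr","time":"2024-01-01T10:00:01.000000001Z"}',
    '{"log":"part 2\\n","stream":"stderr","time":"2024-01-01T10:00:01.000000002Z"}',
    '{"log":"trunc',
]

if __name__ == "__main__":
    for ts, stream, msg in read_events(SAMPLE):
        print(ts, stream, msg)
```

Reading these files normally requires root on the Docker host, so a forwarder that tails them runs with that level of access.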