当无法访问 splunk 服务器时,docker 日志去哪里

Where do docker logs go when splunk server is not reachable

我正在尝试从 运行 docker 容器中获取 docker 日志。我在我的 docker compose 中将 splunk 配置为日志记录驱动程序,我知道如果无法访问 splunk 服务器,则容器将不会启动。

  proxysecurity:
    image: test/image
    network_mode: host
    depends_on:
      - zookeeper
    ports:
      - '8083:8083'
    logging:
      driver: "splunk"
      options:
         splunk-url: "http://XX.X2.X3.X1:XXX7/"
         splunk-token: "XXXXX5-9CA1-44B8-B9E8-2XXX25"
         splunk-format: json
         tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"
    environment:
      XXXCONNECT: localhost:32181
      XXXXXRS: http://localhost:8083

现在,如果当容器启动且 运行 时无法访问 splunk 服务器,是否有任何回退机制,我们可以告诉 docker 容器在本地登录? 或者有什么方法可以登录到 splunk 以及本地容器内?

我是 Splunk 日志记录驱动程序的作者。

如果 Splunk 不可用,驱动程序会在内存中保留小缓冲区并不断重试。缓冲区大小的配置已记录 没有驱动程序的官方文档 https://docs.docker.com/engine/admin/logging/splunk/

SPLUNK_LOGGING_DRIVER_BUFFER_MAX If driver cannot connect to remote server, what is the maximum amount of messages it can hold in buffer for retries.

不幸的是,考虑到此缓冲区可以很快填满并且将缓冲区增加到更高数量会影响您的容器,这并不理想。但大多数驱动都是这样写的。

我构建了另一个向 Splunk 传送日志和指标的解决方案。该解决方案包括带有收集器和 Splunk Certified Application. It is built on top of json-file driver, which means that when Splunk is unavailable it will just keep retrying from the position of the log files. The logs files can have their own settings for rotation, this can be configured with dockerd daemon configuration. You can read another benefits of our solution Comparing with Splunk Logging Driver. And how to get started with Monitoring Docker.

的小图像