Reputation: 6347
Docker splunk logging driver - handshake failure
I'm trying to use docker splunk logging driver. Here's my command and docker error message:
$ docker run --log-driver=splunk --log-opt splunk-token=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX --log-opt splunk-url=https://input-prd-p-pxxxxxxxxxx.cloud.splunk.com:8088 hello-world
docker: Error response from daemon: Failed to initialize logging driver: remote error: handshake failure.
I've also tested with --log-opt splunk-insecureskipverify=true, but it didn't help. The splunk Http even collector should be configured correctly, as I can succesfully use curl for logging:
curl -k https://input-prd-p-pxxxxxxxxxx.cloud.splunk.com:8088/services/collector/event -H 'Authorization: Splunk XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX' -d '{"event":"Hello, World!"}'
Any clues how to make splunk docker driver work?
Here's my docker setup:
$ docker version
Client:
Version: 1.12.1
API version: 1.24
Go version: go1.6.3
Git commit: 23cf638
Built: Thu Aug 18 17:32:24 2016
OS/Arch: darwin/amd64
Experimental: true
Server:
Version: 1.12.1
API version: 1.24
Go version: go1.6.3
Git commit: 23cf638
Built: Thu Aug 18 17:32:24 2016
OS/Arch: linux/amd64
Experimental: true
Upvotes: 0
Views: 1482
Answers (1)
Reputation: 31
I've been having the same issue. Found this post regarding the self-signed certificate being the issue used in the trial version of the cloud instance:
https://answers.splunk.com/answers/335933/http-event-collector-how-to-troubleshoot-why-im-ge.html
That would explain why curl is working (-k option) and Docker is not.
-k, --insecure
(SSL) This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless -k, --insecure is used.
Based on the aforementioned post and replies within it from Splunk, Splunk has not fixed the issue as of July.
You would think even with the flag of "splunk-insecureskipverify=true", that would be a workaround for testing...
I have yet to find a workaround.
Upvotes: 1
Related Questions
- splunk-connect-for-kubernetes var/log/containers...log unreadable. It is excluded and would be examined next time
- Configure enterprise Splunk in docker, so services can log to HTTP Event Collector over HTTP
- Docker container monitor with splunk
- Docker fails to provide creds for awslogs logging driver
- Deploying Splunk Docker image fails to login
- How to forward application logs to Splunk from docker container?
- How to initialize Splunk HTTP Event Collector via Docker Compose and use it with splunk logging driver
- Docker Splunk Logging Driver - Logs to Splunk are sometimes delayed
- Where do docker logs go when splunk server is not reachable
- What does it take to get the splunk logger running with docker-compose?