*Goal*: I want to monitor my docker containers using `splunk:6.5.2-monitor` and its built-in docker app for splunk.
*Context*:
1. My docker-compose.yml contains `splunk:6.5.2-monitor` and several other docker images (only showing redis below).
```yaml
vsplunk:
  image: busybox
  volumes:
    - /opt/splunk/etc
    - /opt/splunk/var
splunkenterprise:
  #build: .
  hostname: splunkenterprise
  image: splunk/splunk:6.5.2-monitor
  environment:
    SPLUNK_START_ARGS: --accept-license
    SPLUNK_ENABLE_LISTEN: 9997
    SPLUNK_ADD: tcp 1514
  volumes:
    - /var/lib/docker/containers:/host/containers:ro
    - /var/run/docker.sock:/var/run/docker.sock:ro
  volumes_from:
    - vsplunk
  ports:
    - "8000:8000"
    - "9997:9997"
    - "8088:8088"
    - "1514:1514"
redis:
  image: "redis:alpine"
  log_driver: json-file
```
*Problem*: The docker app for splunk dashboard panels just says “Waiting for data …”. So, I added `SPLUNK_USER: root` as described.
“Overriding the SPLUNK_USER environment variable to an authorized user (such as "root") gives you the required access to the mount points that the Docker app needs to analyze the collected Docker information.”
```yaml
environment:
  SPLUNK_START_ARGS: --accept-license
  SPLUNK_ENABLE_LISTEN: 9997
  SPLUNK_ADD: tcp 1514
  SPLUNK_USER: root
```
Unfortunately, adding that line makes docker-compose hang. I never see
```
splunkenterprise_1 | Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
splunkenterprise_1 | Generating RSA private key, 1024 bit long modulus
splunkenterprise_1 | ..............................++++++
splunkenterprise_1 | ..............................++++++
```
…etc...
Any ideas? I’m not getting any feedback to help me debug.