Container logs are an efficient way to acquire logs generated by applications running inside a container. By utilizing logging drivers, output that is usually logged is redirected to another target. Since logging drivers start and stop when containers start and stop, this is the most effective way of capturing machine data, given the often limited lifespan of a container. Container metrics contain details related to CPU, memory, I/O, and network metrics generated by a container. By capturing this data, you have the opportunity to spot specific containers that appear to consume more resources than others – enabling faster, more precise troubleshooting.
Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: