Container logs are an efficient way to acquire logs generated by applications running inside a container. With a logging driver, the output an application would normally log is redirected to another target. Because logging drivers start and stop when containers start and stop, this is the most effective way of capturing machine data, given the often limited lifespan of a container.
Container metrics describe the CPU, memory, I/O, and network usage of a container. Capturing this data lets you spot specific containers that appear to consume more resources than others – enabling faster, more precise troubleshooting.
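An added example (not from the original page or from Splunk) of the comparison described above: it parses per-container metric records and flags containers whose CPU or memory share is far above their peers. It assumes records shaped like Docker's JSON stats output; the sample data, the function names, and the `k` and `min_margin` thresholds are constructed for illustration.

```python
import json
from statistics import median

# Constructed sample: one JSON object per line, shaped like the output of
# `docker stats --no-stream --format '{{json .}}'` (all values are made up).
SAMPLE = """\
{"Name":"web-1","CPUPerc":"2.10%","MemPerc":"3.40%"}
{"Name":"web-2","CPUPerc":"1.90%","MemPerc":"3.10%"}
{"Name":"web-3","CPUPerc":"2.40%","MemPerc":"3.60%"}
{"Name":"worker-1","CPUPerc":"97.30%","MemPerc":"4.00%"}
{"Name":"cache-1","CPUPerc":"1.20%","MemPerc":"41.50%"}
not-json debris line
"""

def parse_stats(text):
    """Parse JSON-lines stats into dicts; skip lines that are not valid records."""
    rows = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            rows.append({
                "name": rec["Name"],
                "cpu": float(rec["CPUPerc"].rstrip("%")),
                "mem": float(rec["MemPerc"].rstrip("%")),
            })
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # truncated, non-JSON, or incomplete line
    return rows

def flag_outliers(rows, k=5.0, min_margin=5.0):
    """Return (name, metric, value) for containers far above their peers.

    Per-metric limit = median + max(k * MAD, min_margin). The median and the
    median absolute deviation (MAD) are not dragged upward by the outlier
    itself; min_margin (percentage points) avoids alerts when all values
    are nearly identical and MAD is close to zero.
    """
    flagged = []
    for metric in ("cpu", "mem"):
        values = [r[metric] for r in rows]
        if len(values) < 3:
            continue  # too few containers to define "peers"
        med = median(values)
        mad = median(abs(v - med) for v in values)
        limit = med + max(k * mad, min_margin)
        flagged += [(r["name"], metric, r[metric]) for r in rows if r[metric] > limit]
    return flagged

if __name__ == "__main__":
    for name, metric, value in flag_outliers(parse_stats(SAMPLE)):
        print(f"{name}: {metric} at {value:.1f}% is well above peer containers")
```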
When your Splunk deployment is ingesting container data, you can use it to accomplish application delivery and DevOps use cases.
Guidance for onboarding data can be found in the Splunk Documentation, Getting Data In (Splunk Enterprise) or Getting Data In (Splunk Cloud). In addition, these Splunk Add-Ons and Apps are helpful for working with container data.
Looking for more information on data types? Download the Splunk Essential Guide to Machine Data.