Splunk Lantern

Container data


Container logs are an efficient way to acquire logs generated by applications running inside a container. Logging drivers redirect output that is usually logged to another target. Since logging drivers start and stop when containers start and stop, this is the most effective way of capturing machine data, given the often limited lifespan of a container.

Container metrics contain details related to CPU, memory, I/O, and network metrics generated by a container. By capturing this data, you have the opportunity to spot specific containers that appear to consume more resources than others, enabling faster, more precise troubleshooting.
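The following is an added example, not part of the original page or of any Splunk product: a small Python check that picks out containers consuming far more CPU or memory than their peers. It assumes metrics arrive as JSON lines in the shape produced by `docker stats --no-stream --format '{{json .}}'`; the sample values, function names, and thresholds are constructed for illustration.

```python
import json
from statistics import median

# Constructed sample in the shape of `docker stats --format '{{json .}}'` output.
SAMPLE = """\
{"Name":"web-1","CPUPerc":"2.10%","MemPerc":"3.40%"}
{"Name":"web-2","CPUPerc":"1.90%","MemPerc":"3.10%"}
{"Name":"web-3","CPUPerc":"2.40%","MemPerc":"3.60%"}
{"Name":"batch-1","CPUPerc":"187.50%","MemPerc":"41.20%"}
{"Name":"cache-1","CPUPerc":"0.80%","MemPerc":"12.00%"}
"""

def parse_stats(text):
    """Turn JSON lines into dicts with numeric cpu/mem percentages."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rows.append({
            "name": rec["Name"],
            "cpu": float(rec["CPUPerc"].rstrip("%")),
            "mem": float(rec["MemPerc"].rstrip("%")),
        })
    return rows

def outliers(rows, field, k=5.0, floor=0.5):
    """Names of containers whose value exceeds median + k * spread.

    Spread is the median absolute deviation (MAD), which one extreme
    container cannot inflate the way it would a mean or standard deviation.
    `floor` (percentage points, an assumed default) keeps a fleet of
    near-identical containers from flagging on tiny differences.
    """
    values = [r[field] for r in rows]
    med = median(values)
    spread = max(median(abs(v - med) for v in values), floor)
    return [r["name"] for r in rows if r[field] > med + k * spread]

if __name__ == "__main__":
    rows = parse_stats(SAMPLE)
    for field in ("cpu", "mem"):
        print(field, "outliers:", outliers(rows, field))
```

Short-lived containers may appear in only one or two samples, so run a check like this on each collection interval rather than on long averages.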


Guidance for onboarding data can be found in the Splunk Documentation, Getting Data In (Splunk Enterprise) or Getting Data In (Splunk Cloud).

In addition, Splunk Connect for Docker can be helpful for working with container data.

Looking for more information on data types? Download the Splunk Essential Guide to Machine Data.