
Merge pull request #17891 from splunk/splunk-logger-support-for-tag-env-labels

Allow configurable metadata for Splunk log driver
Alexander Morozov 9 years ago
commit
a3065fa48f
3 changed files with 45 additions and 21 deletions
  1. 1 1
      contrib/completion/bash/docker
  2. 20 8
      daemon/logger/splunk/splunk.go
  3. 24 12
      docs/reference/logging/splunk.md

+ 1 - 1
contrib/completion/bash/docker

@@ -337,7 +337,7 @@ __docker_log_driver_options() {
 	local journald_options="env labels"
 	local json_file_options="env labels max-file max-size"
 	local syslog_options="syslog-address syslog-facility tag"
-	local splunk_options="splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url"
+	local splunk_options="env labels splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url tag"
 
 	local all_options="$fluentd_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options"
 

+ 20 - 8
daemon/logger/splunk/splunk.go

@@ -16,6 +16,7 @@ import (
 
 	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/daemon/logger"
+	"github.com/docker/docker/daemon/logger/loggerutils"
 	"github.com/docker/docker/pkg/urlutil"
 )
 
@@ -29,6 +30,9 @@ const (
 	splunkCAPathKey             = "splunk-capath"
 	splunkCANameKey             = "splunk-caname"
 	splunkInsecureSkipVerifyKey = "splunk-insecureskipverify"
+	envKey                      = "env"
+	labelsKey                   = "labels"
+	tagKey                      = "tag"
 )
 
 type splunkLogger struct {
@@ -50,9 +54,10 @@ type splunkMessage struct {
 }
 
 type splunkMessageEvent struct {
-	Line        string `json:"line"`
-	ContainerID string `json:"containerId"`
-	Source      string `json:"source"`
+	Line   string            `json:"line"`
+	Source string            `json:"source"`
+	Tag    string            `json:"tag,omitempty"`
+	Attrs  map[string]string `json:"attrs,omitempty"`
 }
 
 func init() {
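Review bot: Dropping `ContainerID` from `splunkMessageEvent` removes the `containerId` key from every event, so existing Splunk searches, dashboards and alerts that filter on it will stop matching without any error. The replacement `tag` defaults to `{{.ID}}`, which the docs in this commit describe as 12 characters of the container ID, so it is presumably not a drop-in substitute for the value `msg.ContainerID` used to supply. Consider keeping the `ContainerID string` field with its `json:"containerId"` tag next to the new `Tag` and `Attrs` fields, or call out the schema change in `docs/reference/logging/splunk.md` so operators can update their detections.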
@@ -126,6 +131,13 @@ func New(ctx logger.Context) (logger.Logger, error) {
 	nullMessage.SourceType = ctx.Config[splunkSourceTypeKey]
 	nullMessage.Index = ctx.Config[splunkIndexKey]
 
+	tag, err := loggerutils.ParseLogTag(ctx, "{{.ID}}")
+	if err != nil {
+		return nil, err
+	}
+	nullMessage.Event.Tag = tag
+	nullMessage.Event.Attrs = ctx.ExtraAttributes(nil)
+
 	logger := &splunkLogger{
 		client:      client,
 		transport:   transport,
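Review bot: The result of `ctx.ExtraAttributes(nil)` is stored once on `nullMessage.Event.Attrs` and then sent with every event, so the value of any environment variable named in the `env` log-opt is written to the Splunk index on each log line. Going by the docs table in this commit, those values are forwarded as-is, and environment variables often hold credentials. I would add a comment above the assignment such as `// Attrs carries the env/label values selected via log-opts verbatim in every event; do not select variables that hold secrets.` and repeat the caveat in the `env` row of the docs. The body of `New` starts and ends outside this hunk.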
@@ -146,11 +158,8 @@ func (l *splunkLogger) Log(msg *logger.Message) error {
 	// Construct message as a copy of nullMessage
 	message := *l.nullMessage
 	message.Time = fmt.Sprintf("%f", float64(msg.Timestamp.UnixNano())/1000000000)
-	message.Event = splunkMessageEvent{
-		Line:        string(msg.Line),
-		ContainerID: msg.ContainerID,
-		Source:      msg.Source,
-	}
+	message.Event.Line = string(msg.Line)
+	message.Event.Source = msg.Source
 
 	jsonEvent, err := json.Marshal(&message)
 	if err != nil {
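Review bot: With the struct literal gone, `message.Event` now keeps `Tag` and `Attrs` from the shallow copy `message := *l.nullMessage`, which means every message shares the same `Attrs` map with `nullMessage`. That is safe while the map is only read by `json.Marshal`, but a later change that writes per-message attributes would race between concurrent `Log` calls and leak one message's values into others. A comment would make the invariant explicit: `// Tag and Attrs are inherited from nullMessage; the Attrs map is shared by all messages and must stay read-only.` The rest of `Log` lies outside this hunk.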
@@ -201,6 +210,9 @@ func ValidateLogOpt(cfg map[string]string) error {
 		case splunkCAPathKey:
 		case splunkCANameKey:
 		case splunkInsecureSkipVerifyKey:
+		case envKey:
+		case labelsKey:
+		case tagKey:
 		default:
 			return fmt.Errorf("unknown log opt '%s' for %s log driver", key, driverName)
 		}

+ 24 - 12
docs/reference/logging/splunk.md

@@ -32,16 +32,22 @@ You can set the logging driver for a specific container by using the
 You can use the `--log-opt NAME=VALUE` flag to specify these additional Splunk
 logging driver options:
 
-  - `splunk-token` required, Splunk HTTP Event Collector token
-  - `splunk-url` required, path to your Splunk Enterprise or Splunk Cloud instance
-      (including port and schema used by HTTP Event Collector) `https://your_splunk_instance:8088`
-  - `splunk-source` optional, event source
-  - `splunk-sourcetype` optional, event source type
-  - `splunk-index` optional, event index
-  - `splunk-capath` optional, path to root certificate
-  - `splunk-caname` optional, name to use for validating server
-      certificate; by default the hostname of the `splunk-url` will be used
-  - `splunk-insecureskipverify` optional, ignore server certificate validation
+| Option                      | Required | Description                                                                                                                                                                                                        |
+|-----------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `splunk-token`              | required | Splunk HTTP Event Collector token.                                                                                                                                                                                 |
+| `splunk-url`                | required | Path to your Splunk Enterprise or Splunk Cloud instance (including port and schema used by HTTP Event Collector) `https://your_splunk_instance:8088`.                                                              |
+| `splunk-source`             | optional | Event source.                                                                                                                                                                                                      |
+| `splunk-sourcetype`         | optional | Event source type.                                                                                                                                                                                                 |
+| `splunk-index`              | optional | Event index.                                                                                                                                                                                                       |
+| `splunk-capath`             | optional | Path to root certificate.                                                                                                                                                                                          |
+| `splunk-caname`             | optional | Name to use for validating server certificate; by default the hostname of the `splunk-url` will be used.                                                                                                           |
+| `splunk-insecureskipverify` | optional | Ignore server certificate validation.                                                                                                                                                                              |
+| `tag`                       | optional | Specify tag for message, which interpret some markup. Default value is `{{.ID}}` (12 characters of the container ID). Refer to the [log tag option documentation](log_tags.md) for customizing the log tag format. |
+| `labels`                    | optional | Comma-separated list of keys of labels, which should be included in message, if these labels are specified for container.                                                                                          |
+| `env`                       | optional | Comma-separated list of keys of environment variables, which should be included in message, if these variables are specified for container.                                                                        |
+
+If there is collision between `label` and `env` keys, the value of the `env` takes precedence.
+Both options add additional fields to the attributes of a logging message.
 
 Below is an example of the logging option specified for the Splunk Enterprise
 instance. The instance is installed locally on the same machine on which the
@@ -51,6 +57,12 @@ The `SplunkServerDefaultCert` is automatically generated by Splunk certificates.
 
     docker run --log-driver=splunk \
         --log-opt splunk-token=176FCEBF-4CF5-4EDF-91BC-703796522D20 \
-        --log-opt splunk-url=https://localhost:8088 \
-        --log-opt splunk-capath=/opt/splunk/etc/auth/cacert.pem \
+        --log-opt splunk-url=https://splunkhost:8088 \
+        --log-opt splunk-capath=/path/to/cert/cacert.pem \
         --log-opt splunk-caname=SplunkServerDefaultCert
+        --log-opt tag="{{.Name}}/{{.FullID}}"
+        --log-opt labels=location
+        --log-opt env=TEST
+        --env "TEST=false"
+        --label location=west
+        your/application