Outcold Solutions provide solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. We offer Splunk applications, which give you insights across all containers environments. We are helping businesses to reduce complexity related to logging and monitoring by providing easy-to-use and deploy solutions for Linux and Windows containers. We deliver applications to help developers monitor their applications and operators to keep their clusters healthy. With the power of Splunk Enterprise and Splunk Cloud, we offer a unique solution to help you keep all the metrics and logs in one place, allowing you to quickly address complex questions on container performance and cluster health.
We provide solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. With 10 minutes setup, you will get a monitoring solution, that includes log aggregation, performance and system metrics, metrics from the control plane and application metrics, a dashboard for reviewing network activity, and alerts to notify you about cluster or application performance issues.
All our solutions are powered by the Collectord, a container-native software built by Outcold Solutions that provides capabilities for discovering, transforming and forwarding logs, collecting system metrics, collecting metrics from the control plane of the orchestration frameworks and forwarding network activity. Collectord provides flexible and powerful tools for transforming logs. With our software you can hide sensitive information from the loglines before forwarding them. With Collectord you can reduce the licensing costs associated with logging aggregation by choosing which data you want to forward from the log streams. Collectord forwards container logs, host logs and can discover logs written by the containerized applications.
See detailed metrics from containers and processes, including performance metrics, utilization metrics and security insights. Forward application-specific metrics, exported in Prometheus format. Use prebuilt Splunk dashboards for a comprehensive overview.
Aggregate logs from containers, applications, and servers. Use flexible mappings to filter logs enriched with container metadata, correlate logs with metrics, and leverage Splunk capabilities for analyzing logs. Use Collectord to transform logs before they reach Splunk, remove sensitive information, remove PII data to help keep your logs GDPR compliant. With Collectord you can reduce licensing and storage costs by choosing which loglines you want to forward.
Diagnose cluster issues by looking at historical events, monitoring allocations, and regulating cluster capacity. Leverage pre-built alerts for monitoring the health of the clusters out of the box.
Define access to the data by clusters, namespaces and even pods or containers. Review network activities, happening inside your cluster, and outside connections. Verify containers running with elevated security permissions. Use audit logs for monitoring changes in deployments.
Use one tool to collect and forward logs and metrics required by developers for reviewing performance and health of their applications. With the annotations developers can define how they want to see the data in log aggregation tool, specify multiline log patterns, removing terminal escape codes, override types, sources and indexes.
Supports collectorfordocker version 5.22.x and below (see https://www.outcoldsolutions.com for latest configuration)
- Address too many data points in host dashboard in network graphs
- Additional CPU Metrics: CPU IOWait, Steal and Idle in Top Hosts dashboards.
- Showing CPU IOWait in Host dashboard.
- New dashboard Review->Disk Stats for the host.
- Exclude virtual ethernet interfaces from host dashboard.
Collectord updates:
- Allow disabling IP address Lookup in net_socket_table input.
- Better handling of zombie processes in proc_stats input.
- Allow configuring user Splunk outputs using CDR SplunkOutput.
- Allow blacklisting labels from forwarded metadata.
- When onVolumeDatabase is used Collectord verifies that volume supports locking.
- Add additional metrics CPU IOWait, Steal and Idle.
- Monitoring disk stats for the host.
- Add input disk_stats.
- New diagnostic - CPU Vulnerabilities.
...
Supports collectorfordocker version 5.21.x and below (see https://www.outcoldsolutions.com for latest configuration)
- Compatibility updates for the version 5.21 of Collectord
- New Dashboard: Review -> CPU (Throttled, Quota, Shares)
- Alert update: Container CPU Throttled
- Network tables update: show UDP connections for Host, Containers, and Services
- Network Connection Dashboard: allows filtering by namespaces
Collectord updates:
- Support for global replace configurations for Collectord, allowing to sanitize data before forwarding to Splunk
- Support journald as logging driver for container logs
- Support Podman as a runtime (with journald as a logging driver for container logs)
- When both volatile and persistent journald destination exist, Collectord will identify which has the most recent data
- Allow sending to Splunk more precise timestamps for the events
- Compatibility updates for latest version
Supports collectorfordocker version 5.20.x and below (see https://www.outcoldsolutions.com for latest configuration)
- Compatibility updates for the version 5.20 of Collectord
Collectord updates:
- Multi-architecture images for amd64 and arm64
- Allow sending logs to multiple Splunk HEC endpoints simultaneously
- Collectord produces diag file without performance data, if flag --include-performance-profiles
is not set
- Use IMDSv2 for AWS metadata
- Performance improvements for an acknowledgement database
- Improvements for the acknowledgement database on how long Collectord keeps the data by refreshing the state, if file still exists on the disk
- Upgrade Go language runtime to 1.20.3
- Collectord verifies that only one Collectord instance can access the data folder, where Collectord stores its state
- Remove automatic watching for Docker runtime on Kubernetes/OpenShift hosts
...
5.19.390 - 2022-10-17
Supports collectorfordocker version 5.19.x and below (see https://www.outcoldsolutions.com for latest configuration)
- New alert for Collectord alarms for node diagnostics (reboot required, and entropy)
- Review->Storage: added Volumes list based on /system/df output (size and refCount)
Collectord updates:
- Splunk output supports maximumMessageLength to truncate messages exceeding this size
- Splunk output supports requireExplicitIndex to ignore all events that don't have explicit index defined
- Collectord monitors if node requires reboot
- Allow to forward volumes stats using /system/df API
- Upgrade go runtime to 1.19.2
- Beta: weighted splunk output algorithm when multiple threads used
- Bug fix: if docker API input fails it can clog the output
...
Collectord updates:
- Support cgroupv2
- New ability to specify the message field name for the logs extraction with annotations extractionMessageField
- Collectord improves grace period for expired licenses allowing to bootstrap new nodes for 14 days
- Support of journald database written with systemd library 247+
- Upgrade go runtime to 1.17.9
- Bug fix: cleanup the diag, exclude the real license key
- Bug fix: collectord reports high CPU usage for just started containers or hosts
- Bug fix: update pods/container labels when user updates them (prior restart was required)
- Bug fix: set now as a date for container logs with corrupted log files instead of 0 timestamp
- Bug fix: include the values of whitelists and blacklists in diag...
Collectord updates:
Collectord updates:
Collectord updates:
\0
symbol from the labels values in the prometheus metricsRequires collectorfordocker version 5.15.300 or above (see https://www.outcoldsolutions.com for latest configuration)
Collectord updates:
Collectord updates:
Requires collectorfordocker version 5.12.272 or above (see https://www.outcoldsolutions.com for latest configuration)
Requires collectorfordocker version 5.12.271 or above (see https://www.outcoldsolutions.com for latest configuration)
Collectord updates:
- Bug fix: when event pattern is used for joining multi-line events, the error can not be showed if raised by the input in pipeline.
- Bug fix: reduce warnings failed to get the new event in pipeline - submitted
- Stability improvements
Collectord updates:
Requires collectorfordocker version 5.11.260 or above (see https://www.outcoldsolutions.com for latest configuration)
Collectord updates:
Collectord updates:
Requires collectorfordocker version 5.9.240 or above (see https://www.outcoldsolutions.com for latest configuration)
Collectord updates:
Requires collectorfordocker version 5.8.230 or above (see https://www.outcoldsolutions.com for latest configuration)
Collectord updates:
Requires collectorfordocker version 5.7.220 or above (see https://www.outcoldsolutions.com for latest configuration)
Collectord updates:
Requires collectorfordocker version 5.6.212 or above (see https://www.outcoldsolutions.com for latest configuration)
Read more https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/
Requires collectorfordocker version 5.5.202 or above (see https://www.outcoldsolutions.com for latest configuration)
Collectord updates:
- Fixed: Interval 0 in Prometheus input can crash the collectord.
- Fixed: When both glob and match are set for the application logs, the glob pattern can block the match pattern from
finding the files in the volume.
Requires collectorfordocker version 5.4.201 or above (see https://www.outcoldsolutions.com for latest configuration)
Collectord updates:
- Fixed: Better handling rotated files (less open fd)
- Fixed: Events input can hang in the err loop.
Requires collectorfordocker version 5.4 or above (see https://www.outcoldsolutions.com for latest configuration)
Collectord updates:
- New: Attach EC2 metadata fields
- New: Basic Auth for Proxy (License Server and Splunk)
- Fixed: Collectord verifies reports CRI-O as unsupported runtime.
- Fixed: Rare crash on Prometheus metrics definition.
- Fixed: Better handling of acknowledgment database corruption.
- Fixed: When handling incorrect indexes, collectord can send index with an empty string, that Splunk recognize as an incorrect index
Requires collectorfordocker version 5.3 or above (see https://www.outcoldsolutions.com for latest configuration)
Read more https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/
5.2.180 - 2018-10-28
- Fixed: lookup with alerts causing very often replication activities on SHC
Requires collectorfordocker version 5.2 or above (see https://www.outcoldsolutions.com for latest configuration)
For details https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/
Requires collectorfordocker version 5.2 or above (see https://www.outcoldsolutions.com for latest configuration)
For details https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/
For details:
https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/
Highlights:
For more details
https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/
New security dashboard, CPU Shares, Quotas and Memory Limits monitoring.
A lot of of bug fixes and performance improvements.
Relese Notes: https://www.outcoldsolutions.com/docs/monitoring-docker/release-history/#30-2018-02-07
Upgrade instructions: https://www.outcoldsolutions.com/docs/monitoring-docker/upgrade-2-to-3/
Requires collectorfordocker version 3.0 or above (see https://www.outcoldsolutions.com for latest configuration)
Requires collectorfordocker version 2.1.59.171209 or above
Requires collectorfordocker version 2.1.59.171209 or above
Requires collectorfordocker version 2.0.37.171023 or above
docker_labels_LABEL1=VALUE1
to docker_labels=[LABEL1=VALUE1,LABEL2=VALUE2]
.Updated links to official documentation on how to install collector.
Initial release
Docker logs, metrics and events in one place
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.