Skip to main content
Sumo Logic

Docker Sources

Docker is a lightweight open platform that provides a way to package applications in containers for a software development environment. 

You can add the following types of Docker Sources to an Installed Collector:

  • Docker Logs. Collects stdout/stderr logs from processes that are running within Docker containers.

  • Docker Stats. Collects metrics about Docker containers.

Notes regarding Docker Sources

Add a Docker Logs Source

  1. In the Sumo web app, select Manage Data > Collection > Collection.
  2. Navigate to the collector you installed on the Docker host, and select Add > Add Source.
  3. Select Docker Logs. The Docker Logs page appears.
  4. Configure the source fields:
    1. Name. (Required).
    2. Description. (Optional).
    3. URI. Enter the URI of the Docker daemon.
      • If your collector runs on the same host as the Docker containers it will monitor, enter the non-networked Unix socket:
        unix:///var/run/docker.sock
      • If your collector runs on a different machine than the Docker host, you can determine its URI from a Docker environment variable. Run the docker-machine command to find the Docker environment variables.

        $ docker-machine env machine-name

        For example:
        $ docker-machine env default
        export DOCKER_TLS_VERIFY="1"
        export DOCKER_HOST="tcp://192.168.99.100:2376"
        export DOCKER_CERT_PATH="/Users/sumo/.docker/machine/machines/default"
        export DOCKER_MACHINE_NAME="default"
        # Run this command to configure your shell: 
        # eval "$(docker-machine env default)"
        

        Take the value of the DOCKER_HOST variable, change "tcp" to "https", and enter that value as the URI. For example,
        https://192.168.99.100:2376
    4. Cert Path. (Required for remote access only) Enter the path to the certificate files on the local machine where the collector runs. In the example above, the cert path is: /Users/sumo/.docker/machine/machines/default.
    5. Collect From and Container Filters. If you want to collect from all containers, click the All Containers radio button. If you want to collect from selected containers, click the Specified Container Filters radio button, and specify filter expressions in the Container Filters field. For information about how to define container filters, see More about defining container filters below.
      • By default, you can collect from up to 40 containers. To increase the limit, edit the collector.properties file (in the config subdirectory of the collector installation directory), and add the docker.maxPerContainerConnections property. The maximum supported value is 100.
    6. Source Host. Enter the hostname or IP address of the source host. If not specified, it’s assumed that the host is the machine where Docker is running. The hostname can be a maximum of 128 characters.
    7. Source Category. (Required) Enter the Sumo source category (such as prod/web/docker/logs). The source category metadata field is a fundamental building block to organize and label sources. For details see Best Practices.
  5. Configure the Advanced options.
    1. Enable Timestamp Parsing. This option is checked by default.
    2. Time Zone. Default is “Use time zone from log file”.
    3. Timestamp Format. Default is “Automatically detect the format”.
    4. Encoding. Default is “UTF-8”.
    5. Enable Multiline Processing. 
      • Detect messages spanning multiple lines. This option is checked by default.
      • Infer Boundaries. This option is checked by default.
      • Boundary Regex. If multiple processing is enabled, and Infer Boundaries is disabled, enter a regular expression for message boundaries.
  6. Configure processing rules. For more information, see Processing Rules.

Add a Docker Stats Source

  1. In Sumo select Manage Data > Collection > Collection.
  2. Navigate to the collector you installed on the Docker host, and select Add > Add Source.
  3. Select Docker Stats. The Docker Stats page appears. docker stats source
  4. Configure the source fields:
    1. Name. (Required)
    2. Description. (Optional)
    3. URI. Enter the URI of the Docker daemon.
      • If your collector runs on the same host as the Docker containers it will monitor, enter the non-networked Unix socket:
        unix:///var/run/docker.sock
      • If your collector runs on a different machine than the Docker host, you can determine its URI from a Docker environment variable. Run the docker-machine command to find the Docker environment variables.

        $ docker-machine env machine-name

        For example:
        $ docker-machine env default
        export DOCKER_TLS_VERIFY="1"
        export DOCKER_HOST="tcp://192.168.99.100:2376"
        export DOCKER_CERT_PATH="/Users/sumo/.docker/machine/machines/default"
        export DOCKER_MACHINE_NAME="default"
        # Run this command to configure your shell: 
        # eval "$(docker-machine env default)"
        

        Take the value of the DOCKER_HOST variable, change "tcp" to "https", and enter that value as the URI. For example,
        https://192.168.99.100:2376
    4. Cert Path. (Required for remote access only) Enter the path to the certificate files on the local machine where the collector runs. In the example above, the cert path is: /Users/sumo/.docker/machine/machines/default
    5. Collect From and Container Filters. If you want to collect from all containers, click the All Containers radio button. If you want to collect from selected containers, click the Specified Container Filters radio button, and specify filter expressions in the Container Filters field. For information about how to define container filters, see More about defining container filters below.
      • By default, you can collect from up to 40 containers. To increase the limit, edit the collector.properties file (in the config subdirectory of the collector installation directory), and add the docker.maxPerContainerConnections property. The maximum supported value is 100.
    6. Source Host. Enter the hostname or IP address of the source host. If not specified, it’s assumed that the host is the machine where Docker is running. The hostname can be a maximum of 128 characters.
    7. Source Category. (Required) Enter the Sumo source category (such as prod/web/docker/stats). The source category metadata field is a fundamental building block to organize and label sources. For details see Best Practices..
    8. Scan Interval. This option sets how often the source is scanned. Setting a shorter frequency increases message volume, and can cause your deployment to incur additional charges.

More about defining container filters  

Edit sectionIn the Container Filter field, you can enter a comma-separated list of one or more of the following types of filters:

  • A specific container name, for example, “my-container”
  • A wildcard filter, for example, “my-container-*”
  • An exclusion (blacklist) filter, which begins with an exclamation mark, for example, ”!master-container” or “!prod-*”

For example, this filter list:

prod-*, !prod-*-mysql, master-*-app-*, sumologic-collector

will cause the source to collect from all containers whose names start with “prod-”, except those that match “prod-*-mysql”. It will also collect from containers with names that match “master-*-app-*”, and from the “sumologic-collector” container.

If your filter list contains only exclusions, the source will collect all containers except from those that match your exclusion filters. For example:

!container123*, !prod-*

will cause the source to exclude containers whose names begin with “container123” and “prod-”.