Logging – How to send logs to splunk from ECS

This post continues our previous blog, a journey through AWS ECS, where we showed how to use Amazon Container Service to run containerized services. AWS ECS is easy to use and helpful if you don't want to deal with container networking, port mapping, etc.


Once you start your service on AWS ECS, you need to store the containers' logs somewhere, because containers come and go. Here are some solutions that might help you out –

1. Mount a drive – You can mount a drive to store the logs.
2. ECS gives you a feature to send the logs to your desired tool, such as Splunk, CloudWatch, or Sumo Logic.

Now I am going to explain how you can send your standard I/O logs directly to Splunk without mentioning it in the Dockerfile.

Getting started with Splunk

1. First, you need a Splunk token and URL for sending logs from ECS to Splunk.

        • Click on Settings
        • Click on Data Inputs
        • Click on HTTP Event Collector
        • Click on New Token
        • Provide a name for the token, such as service-name, and click Next
        • Create an index (test) for the new service, then select that index and click Next
        • Review the information and click on Submit
        • Now you can search the logs by index name

      Provide the appropriate information and create the token; at the end you will get a token that looks something like XXXXXXX-04e4-45b4-XXXX-XXXXXXXXXXXX.

2. Now go to the Task definition in ECS and go to the Storage and Logging section.
      Note: For ECS to send logs to Splunk, you need to enable the logging driver in the ECS config file. You can do this by simply putting ECS_AVAILABLE_LOGGING_DRIVERS in the user data of the instances.

      echo ECS_AVAILABLE_LOGGING_DRIVERS='["splunk","awslogs","json-file","syslog"]' >> /etc/ecs/ecs.config

      Select Splunk from the Log Configuration drop-down list and fill in the information as follows –

        • splunk-url: https://splunk-url:9000
        • splunk-token: XXXXXXX-04e4-45b4-XXXX-XXXXXXXXXXXX

      Create the task definition, and you will find the standard I/O logs in Splunk under the index (test) that you created when creating the token.
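
The log configuration filled in above, written out as the logConfiguration it produces, next to a variant that keeps the HEC token out of the task definition by referencing it through secretOptions, plus a small check that tells the two apart. This is an added example, not code from the original post: the Secrets Manager ARN is a placeholder, the container name, image and the lint_splunk_logging helper are hypothetical, and splunk-index and splunk-insecureskipverify are Docker Splunk driver options the post itself does not set.

```python
from urllib.parse import urlparse

# Constructed logConfiguration as the console steps above produce it:
# the HEC token sits in plaintext inside the task definition.
AS_ON_PAGE = {
    "logDriver": "splunk",
    "options": {
        "splunk-url": "https://splunk-url:9000",
        "splunk-token": "XXXXXXX-04e4-45b4-XXXX-XXXXXXXXXXXX",
    },
}

# Same destination, token resolved from Secrets Manager when the task starts.
# The ARN is a placeholder, not a real resource.
WITH_SECRET = {
    "logDriver": "splunk",
    "options": {"splunk-url": "https://splunk-url:9000", "splunk-index": "test"},
    "secretOptions": [{
        "name": "splunk-token",
        "valueFrom": "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:PLACEHOLDER",
    }],
}

def task_definition(log_configuration):
    """Wrap a logConfiguration in a minimal (constructed) task definition."""
    return {"family": "service-name", "containerDefinitions": [
        {"name": "app", "image": "example/app:latest",
         "logConfiguration": log_configuration}]}

def lint_splunk_logging(task_def):
    """Return findings for every container that uses the splunk log driver."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        cfg = c.get("logConfiguration") or {}
        if cfg.get("logDriver") != "splunk":
            continue
        opts = cfg.get("options") or {}
        secrets = {s.get("name") for s in cfg.get("secretOptions") or []}
        name = c.get("name", "?")
        if "splunk-token" in opts:
            findings.append(f"{name}: splunk-token is stored in plaintext options")
        elif "splunk-token" not in secrets:
            findings.append(f"{name}: splunk-token is missing")
        if urlparse(opts.get("splunk-url", "")).scheme != "https":
            findings.append(f"{name}: splunk-url is not https")
        if str(opts.get("splunk-insecureskipverify", "false")).lower() in ("true", "1"):
            findings.append(f"{name}: TLS verification is disabled")
    return findings
```

For the second form to start, the task execution role has to be allowed to read the referenced secret.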
