Upgrade instructions

Upgrade from version 5.22 to 5.23

Upgrade the application in Splunk, and collectorfordocker.

Upgrade from version 5.21 to 5.22

Upgrade the application in Splunk, and collectorfordocker.

Upgrade from version 5.20 to 5.21

Upgrade the application in Splunk, and collectorfordocker.

Upgrade from version 5.19 to 5.20

Upgrade the application in Splunk, and collectorfordocker.

Upgrade from version 5.18 to 5.19

Upgrade the application in Splunk and collectorfordocker.

Upgrade from version 5.17 to 5.18

Upgrade the application in Splunk and collectorfordocker.

Upgrade from version 5.16 to 5.17

Upgrade the application in Splunk and collectorfordocker.

Upgrade from version 5.15 to 5.16

Upgrade the application in Splunk and collectorfordocker.

Upgrade from version 5.14 to 5.15

Upgrade the application in Splunk and collectorfordocker.

Upgrade from version 5.12 to 5.14

Upgrade the application in Splunk and collectorfordocker.

Upgrade from version 5.11 to 5.12

Upgrade the application in Splunk and collectorfordocker. Monitoring Docker application version 5.12 is backward compatible with the previous version of collectorfordocker. Stats input.system_stats have dedicated values for disabled, type and output. For backward compatibility Collectord accepts unified values from previous configurations. In the application there are two new macros macro_docker_stats_host and macro_docker_stats_cgroup, for backward compatibility they depend on the macro_docker_stats macro. Several inputs have new types, including input.system_stats, input.proc_stats and input.net_stats.

Upgrade from version 5.10 to 5.11

Upgrade the application in Splunk and collectorfordocker.

Upgrade from version 5.9 to 5.10

Upgrade the application in Splunk and collectorfordocker.

Upgrade from version 5.8 to 5.9

Upgrade the application in Splunk and collectorfordocker. See release notes for the new features (including capabilities to stream API Objects and support for multiple Splunk Clusters).

Upgrade from version 5.7 to 5.8

Upgrade the application in Splunk and collectorfordocker. No additional configurations has been added.

Upgrade from version 5.6 to 5.7

Upgrade the application in Splunk and collectorfordocker. New input is implemented input.journald, see configuration. If you have journald enabled and also forwarding messages to /var/log/messages or /var/log/syslog files, to make sure that you aren't going to forward the same host logs twice you can disable rsyslog on the system (or any other alternative) and specify from what timestamp you want Collectord to pick up journald logs

--env "COLLECTOR__JOURNALD_START=input.journald__startFromRel=-1h" \

To disable journald input

--env "COLLECTOR__JOURNALD_DISABLED=input.journald__disabled=true" \

Upgrade from version 5.5 to 5.6

Upgrade the application in Splunk and collectorfordocker. There are few parts in ConfigMap are new. You have not put them in your configuration, only if you are intending to use them.

1. Under [input.files:*] two new keys samplingPercent and samplingKey for enabling sampling.

2. The output [output.splunk] can now limit by the number of events in payload with events key.

Upgrade from version 5.4 to 5.5

Upgrade the application in Splunk and collectorfordocker. No additional configurations has been added.

Upgrade from version 5.3 to 5.4

Upgrade the application in Splunk and collectorfordocker. No additional configurations has been added.

Upgrade from version 5.2 to 5.3

Version 5.3 is a minor upgrade. Simple upgrade the Splunk application and the image. In the configuration file, you can find one new key group for [input.net_socket_table], that can significantly reduce licensing cost for the network socket table data.

Upgrade from version 5.1 to 5.2

Version 5.2 is a minor upgrade, that includes Performance improvements, Usability improvements, and capability of forwarding Docker and Kubelet runtime storage metrics (one additional event per host once in 30 seconds). For more details, please read Release History.

Mount metrics are defined under input.mount_stats. If you override indexes for various types of data, make sure to update these metrics as well.

Additionally we introduced devnull output, that allows you to disable collection of logs or metrics for specific containers.

With version 5.2 we predefined several alerts, that can help you to monitor the health of your clusters and performance of your applications.

Upgrade from version 5.0 to 5.1

Version 5.1 is a minor upgrade, that includes Performance improvements, Usability improvements, and capability of forwarding Network Metrics. For more details, please read Release History.

Network metrics are defined under input.net_stats (metrics) and input.net_socket_table (table of network connection). If you override indexes for various types of data, make sure to update these metrics as well.

Upgrade from version 3 to 5

1. Upgrade application

Download version 5 from SplunkBase and upgrade it in Splunk. Or perform in-place upgrade if you have downloaded our application from the app browser in Splunk.

2. Upgrade collector

Upgrade collector in your configuration (compose file or any other way you deploy collector) to latest version outcoldsolutions/collectorfordocker:5.23.431.

Update your configuration:

• Since version 5 we map docker root folder (/var/lib/docker/:/rootfs/var/lib/docker/) instead of containers folder (/var/lib/docker/containers/:/rootfs/var/lib/docker/containers/). This change allows us to auto-discover application logs.
• Since version 5 we map all host folders under /rootfs inside the container. Verify how you map the folders, compare to our Installation instructions.
• Since version 5 the default configuration file located in /config/001-general.conf instead of /config/collector.conf. If you used to override the configuration, please read the configuration page and update your configuration files.

Links

• Installation
  • Start monitoring your docker environments in under 10 minutes.
  • Automatically forward host, container and application logs.
  • Test our solution with the embedded 30 days evaluation license.
• Collector Configuration
  • Collector configuration reference.
  • Build custom image on top collector image with embedded configuration.
• Container Annotations
  • Forwarding application logs.
  • Multi-line container logs.
  • Fields extraction for application and container logs (including timestamp extractions).
  • Hiding sensitive data, stripping terminal escape codes and colors.
• Configuring Splunk Indexes
  • Using not default HTTP Event Collector index.
  • Configure the Splunk application to use not searchable by default indexes.
• Splunk fields extraction for container logs
  • Configure search-time fields extractions for container logs.
  • Container logs source pattern.
• Configurations for Splunk HTTP Event Collector
  • Configure multiple HTTP Event Collector endpoints for Load Balancing and Fail-overs.
  • Secure HTTP Event Collector endpoint.
  • Configure the Proxy for HTTP Event Collector endpoint.
• Collecting metrics from Prometheus format
  • Configure collector to forward metrics from the services in Prometheus format.
• Monitoring multiple clusters
  • Learn how you can monitor multiple clusters.
  • Learn how to set up ACL in Splunk.
• Streaming Docker Objects from API Engine
  • Learn how you can poll docker containers and images and forward them to Splunk.
• License Server
  • Learn how you can configure remote License URL for Collectord.
• Alerts
• Troubleshooting
• Release History
• Upgrade instructions
• Security
• FAQ and the common questions
• License agreement
• Pricing
• Contact