Kubernetes Sidecar for sending logs to Splunk


I have deployed my application image into Kubernetes.

I am trying to send application logs to Splunk. One option would be to use a DaemonSet. But, due to some restrictions, I would like to use a sidecar.

Is there any sidecar for sending logs from Kubernetes Docker containers to Splunk?

Or else, any direction will be appreciated.



Check out this blog; it should give you a pretty good idea.


If you have not seen it yet, I would recommend looking at our solution for monitoring Kubernetes in Splunk. We have built a container-native collector that can help to discover, transfer and forward logs to Splunk.
When you deploy our solution, you can easily discover and forward application logs written inside of the container (on a volume, like an emptyDir) by just telling the collector the name of the volume. We have an example in our docs of how to forward logs from PostgreSQL written to an emptyDir: https://www.outcoldsolutions.com/docs/monitoring-kubernetes/v5/annotations/#application-logs

A few notes:

  • It is a paid solution. We charge money for our solution. But we are an engineering-focused company, so we do not charge a lot compared to the time you need to spend to build something similar.
  • Our collectord is deployed as a DaemonSet. You mentioned the restrictions. But with our solution, your admins need to install it once, with no need to reconfigure. And developers can tell collectord which data needs to be collected and how it should be transformed with annotations, which can be written on Namespaces, Workloads and Pods.