Are there best practices with standardizing Docker/Mesos logs into Splunk?

tips-and-tricks

#1

Has anyone had some experiences zookeeping container logs into Splunk?

I’m experiencing logging is not standardized across containers and thus ending with half a dozen logging structures going into:

/var/lib/mesos/slave/slaves/(?[^/]+)/frameworks/(?[^/]+)/executors/(?[^/]+)/runs/(?[^/]+)/{stdout,stderr}

Bumped into logspout which appears to be used to aggregate logs.
Is this the way to go?
Any alternative suggestion?