Has anyone had some experiences zookeeping container logs into Splunk?
I’m experiencing logging is not standardized across containers and thus ending with half a dozen logging structures going into:
/var/lib/mesos/slave/slaves/(?[^/]+)/frameworks/(?[^/]+)/executors/(?[^/]+)/runs/(?[^/]+)/{stdout,stderr}
Bumped into logspout which appears to be used to aggregate logs.
Is this the way to go?
Any alternative suggestion?