Are there best practices with standardizing Docker/Mesos logs into Splunk?

Has anyone had some experiences zookeeping container logs into Splunk?

I’m experiencing logging is not standardized across containers and thus ending with half a dozen logging structures going into:


Bumped into logspout which appears to be used to aggregate logs.
Is this the way to go?
Any alternative suggestion?