Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution.docker run -- log driver=splunk for every container at run time
Correct Answer: A
Explanation
The command docker run --log-driver=splunk for every container at run time will configure a Docker container to export container logs to the logging solution. The reason is that the --log-driver option specifies the logging driver for the container, which determines how the container logs are handled1. The splunk logging driver is a plugin that sends container logs to HTTP Event Collector in Splunk Enterprise and Splunk Cloud2. To use the splunk logging driver, you also need to provide some additional options with the --log-opt flag, such as the Splunk token, URL, source, sourcetype, index, etc2. For example, to run a container with the splunk logging driver and send the logs to a Splunk instance with the URL https://splunk.example.com:8088 and the token 176fabb6-7811-4b3a-8ba0-4d49302e50f2, you can use:
docker run --log-driver=splunk --log-opt splunk-token=176fabb6-7811-4b3a-8ba0-4d49302e50f2 --log-opt splunk-url=https://splunk.example.com:8088 ...
This way, you can configure a Docker container to export container logs to Splunk, which is a centralized logging solution. Alternatively, you can also configure the splunk logging driver as the default logging driver for the Docker daemon by setting the log-driver and log-opts keys in the daemon.json file and restarting Docker3. This will apply the splunk logging driver to all containers unless overridden by the --log-driver option. References:
* Configure logging drivers
* Splunk logging driver
* Set the logging driver for the Docker daemon