We currently use the "logs" prospector to collect JSON logs that Docker outputs. I just recently noticed there is now a native "docker" input [1]. What are the benefits of using this over the "logs" prospector?
The main advantage if the docker prospector over the log prospector is that it already works out of the box and the settings to make the log prospector work with the docker files are already set.
An other advantage is that it allows us to make docker specific tweaks to it on the code side. A good example that happened recently is the detection of the multiline events in the docker log (coming from docker). As this is something we do on the code side and is specific to docker logs, it will only be in the docker prospector. So in general if you consume docker logs, I would recommend to use the docker prospector.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.