Docker Community Forums

Share and learn in the Docker community.

Splunk log driver gives "Forbidden"

(Isaach) #1

I am trying to use the splunk logging driver, like this:

docker run --log-driver=splunk --log-opt splunk-token=my-hec-token --log-opt splunk-url="https://splunkheavy:8088" --log-opt splunk-index=docker --log-opt splunk-insecureskipverify=true -p 8000:80 nginx
docker: Error response from daemon: failed to initialize logging driver: Options https://splunkheavy:8088/services/collector/event/1.0: Forbidden.
ERRO[0000] error waiting for container: context canceled

I have verifed my splunk hec with the following command:

curl -k "https://splunkheavy:8088/services/collector/event/1.0" -H "Authorization: Splunk my-hec-token" -d '{"event": "Hello, world!"}'

Docker version:

docker --version
Docker version 17.06.2-ee-16, build 9ef4f0a

So it seems my parameters are correct, network connectivity is OK … what have I missed?

(Isaach) #2

I finally found the problem: I have a proxy defined in


l had to add my splunkheavy to the NO_PROXY environmental variable, because docker was trying to access my splunkheavy via the proxy (which is only for internet access). Finally my https-proxy.conf looks like this:

Environment="HTTPS_PROXY=" "NO_PROXY=splunkheavy,localhost,,"

Then reload the systemctl daemon and docker:

systemctl daemon-reload
systemctl restart docker

And all is fine.