The Docker Events'tab does not display any event #20
Description
[root@clh-ucp01 ~]# docker --version
Docker version 17.06.2-ee-6, build e75fdb8
Universal Control Plane Version 2.2.5 42d28d140 | API Version: 1.30
Universal forwarder: pulling splunk/universalforwarder:7.0.0-monitor
Splunk Enterprise: pulling splunk/splunk:7.0.0-monitor
from one of the docker host running the universal forwader I can see that the scripts docker_events.sh is running
[root@clh-ucp01 ~]# docker ps | grep uni
9e960200aa38 splunk/universalforwarder:7.0.0-monitor "/sbin/entrypoint...." About an hour ago Up About an hour 1514/tcp, 8088-8089/tcp splunk_splunkuniversalforwarder.x3xm839eqtc2bp m3ijc4u7uk6.lsf7g4mav3br9ag8ps2tcgymg
[root@clh-ucp01 ~]# docker exec -it 9e960200aa38 bash
root@spuf-x3xm839eqtc2bpm3ijc4u7uk6:/opt/splunk# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 21700 1732 ? Ss 12:20 0:00 /bin/bash /sbin/entrypoint.sh start-service
root 52 0.6 1.6 226052 130696 ? Sl 12:20 0:20 splunkd -p 8089 start
root 56 0.1 0.1 71956 11932 ? Ss 12:20 0:03 [splunkd pid=52] splunkd -p 8089 start [process-runner]
root 95 0.0 0.0 4328 648 ? Ss 12:20 0:00 /bin/sh -c /opt/splunk/etc/apps/ta-dockerstats/bin/docker_events.s
root 96 0.0 0.0 21656 1600 ? S 12:20 0:00 /bin/bash /opt/splunk/etc/apps/ta-dockerstats/bin/docker_events.sh
root 98 0.0 0.1 24208 12552 ? Sl 12:20 0:02 /opt/splunk/etc/apps/ta-dockerstats/bin/docker events
root 435 0.0 0.0 41560 1892 ? S 12:20 0:00 sudo -HEu root tail -n 0 -f /opt/splunk/var/log/splunk/splunkd_std
root 436 0.0 0.0 5832 616 ? S 12:20 0:00 tail -n 0 -f /opt/splunk/var/log/splunk/splunkd_stderr.log
root 128064 0.3 0.0 21848 2020 pts/0 Ss 13:17 0:00 bash
root 128070 0.0 0.0 19092 1284 pts/0 R+ 13:17 0:00 ps aux
root@spuf-x3xm839eqtc2bpm3ijc4u7uk6:/opt/splunk# exit
using search, it seems I can receive "events" with the sourcetype="dockervents"
see here: https://gist.github.com/chris7444/62c91ee7583aa843751aaad3c7a8b425