Harness Delegate Logs to Splunk

Has anyone accomplished getting delegate logs into Splunk?
We’re running ECS clusters backed by EC2 instances.
For Splunk it’s Splunk Cloud. Any insight is appreciated.


Not an expert in Splunk, but the delegate logs can be found here:

Not sure of the best way to configure the forwarder to pick up at the delegate log location:

This might help but not sure on the container wiring.

I’ll ask around.



Hi Rico,

Harness does not write logs to stdout but to a file, and the file is in a fixed location.
You can explore a log forwarder -


And use Harness Delegate Profile to install forwarder on the delegate. You can find more about Delegate Profiles here:


Hope this helps!


  • Hunar
1 Like

Is this something Harness could change in the provided harness/delegate Docker image? The Delegate itself wouldn’t need to change how it logs, but the Docker image could output by default to stdout, which’d make it compatible with lots of Docker logging solutions.

For the OP, they could use the ECS Splunk integration to log stdout of the container directly to Splunk. For others including myself, it could also log directly into CloudWatch without needing to install a forwarder into the image.

Perhaps just a tail -F delegate.log watcher.log & in the run.sh startup script would work.


We have seen this request a few times before (Splunk and SumoLogic use cases). We have something called a Delegate Profile (https://docs.harness.io/article/nxhlbmbgkj-common-delegate-profile-scripts) that can install a log-forwarder to send the delegate.log and the watcher.log to the desired Logging solution.

SumoLogic: https://help.sumologic.com/07Sumo-Logic-Apps/10Containers_and_Orchestration/Kubernetes/Collect_Logs_for_Kubernetes (Follow steps to alter source in the appropriate YAML to point to the desired Harness Logs)

Splunk: https://splunkbase.splunk.com/app/3743/#/details (Follow steps to point the collector to the desired Harness Logs)

We have a Feature Enhancement in to support this.

Thanks, will use an agent in the container for the time being.

We have a Feature Enhancement in to support this.