Install Docker Agent

George Alpizar
George Alpizar
  • Updated


You can use this document to learn how to install the Edge Delta agent for your Docker-based software platform.


Before you deploy the agent, we recommend that you review the Review Agent Requirements document. 

Step 1: Create a Configuration and Download the Agent

  1. In the Edge Delta App, on the left-side navigation, click Data Pipeline, and then click Agent Settings.
  2. Click Create Configuration.
  3. Select Docker.
  4. Click Save.
  5. In the table, locate the newly created configuration, then click the corresponding vertical green ellipses, and then click Deploy Instructions.  
  6. Click Docker.
  7. In the window that appears, copy the command.
    • This window also displays your API key. Copy this key for a later step.
  8. Paste and then run the command on the host where you want to deploy Edge Delta. The installation process will begin.

Step 2: Run the Container

When you run the Edge Delta container, you can either have the Edge Delta container fetch its configuration from the Edge Delta Central Configuration Backend (recommended) or use a local configuration file.

Option 1: Run with an API Key Utilizing Agent Management Configuration


To learn more about agent configuration management, see Learn About Agent Management Configuration.


The container must have internet access to fetch the configuration.

Run the following command. Replace <YOUR_API_KEY> with the key you copied earlier.

docker run -it \
-v /var/run/docker.sock:/var/run/docker.sock:ro \

Option 2: Run with a Local Configuration File

Run the following command. Replace $PWD/config.yml with the absolute path of the local configuration file on host.

 docker run -it \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v $PWD/config.yml:/edgedelta/config.yml \

Limit Resource Consumption

You can limit the CPU or memory resources that the Edge Delta container consumes.

The following example limits the Edge Delta container to 25% CPU and 256 MB of memory.

docker run -it --cpus=".25" --memory="256m" \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v $PWD/config_docker.yml:/edgedelta/config.yml \

Review Example Configuration

The following example configuration displays a default configuration that can be deployed. 

You can comment (or uncomment) parameters as need, as well as populate appropriate values to create your desired configuration.

#Configuration File Version (currently v1 and v2 supported)
version: v2

#Global settings to apply to the agent
  tag: docker_onboarding
    level: info
  anomaly_capture_size: 1000
  anomaly_confidence_period: 30m

#Inputs define which datasets to monitor (files, containers, syslog ports, windows events, etc.)
    labels: "container_stats"
    - labels: "docker_logs,all_containers"
        - "image=.*"
#  files:
#    - labels: "system_logs, auth"
#      path: "/var/log/auth.log"
#  ports:
#    - labels: "syslog_ports"
#      protocol: tcp
#      port: 1514

#Outputs define destinations to send both streaming data, and trigger data (alerts/automation/ticketing)
  #Streams define destinations to send "streaming data" such as statistics, anomaly captures, etc. (Splunk, Sumo Logic, New Relic, Datadog, InfluxDB, etc.)
    ##Sumo Logic Example
    #- name: sumo-logic-integration
    #  type: sumologic
    #  endpoint: "<ADD SUMO LOGIC HTTPS ENDPOINT>"

    #Splunk Example
    #- name: splunk-integration
    #  type: splunk
    #  endpoint: "<ADD SPLUNK HEC ENDPOINT>"
    #  token: "<ADD SPLUNK TOKEN>"

    ##Datadog Example
    #- name: datadog-integration
    #  type: datadog
    #  api_key: "<ADD DATADOG API KEY>"

    ##New Relic Example
    #- name: new-relic-integration
    #   type: newrelic
    #   endpoint: "<ADD NEW RELIC API KEY>"

    ##Influxdb Example
    #- name: influxdb-integration
    #  type: influxdb
    #  endpoint: "<ADD INFLUXDB ENDPOINT>"
    #  port: <ADD PORT>
    #  features: all
    #  tls:
    #    disable_verify: true
    #  token: "<ADD JWT TOKEN>"
    #  db: "<ADD INFLUX DATABASE>"

  ##Triggers define destinations for alerts/automation (Slack, PagerDuty, ServiceNow, etc)
    ##Slack Example
    #- name: slack-integration
    #  type: slack

#Processors define analytics and statistics to apply to specific datasets
    name: clustering
    num_of_clusters: 50          # keep track of only top 50 and bottom 50 clusters
    samples_per_cluster: 2       # keep last 2 messages of each cluster
    reporting_frequency: 30s     # report cluster samples every 30 seconds

#Regexes define specific keywords and patterns for matching, aggregation, statistics, etc.
    - name: "error_level"
      pattern: "ERROR|error|Error|Err|ERR"
        anomaly_probability_percentage: 95

    - name: "exception_check"
      pattern: "Exception|exception|EXCEPTION"
        anomaly_probability_percentage: 95

    - name: "fail_level"
      pattern: "FAIL|Fail|fail"
        anomaly_probability_percentage: 95

    - name: "info_level"
      pattern: "INFO|info|Info"

    - name: "warn_level"
      pattern: "WARN|warn|Warn"

    - name: "debug_level"
      pattern: "DEBUG|debug|Debug"

    - name: "success_check"
      pattern: "Success|SUCCESS|success|Succeeded|succeeded|SUCCEEDED"

#Workflows define the mapping between input sources, which processors to apply, and which destinations to send the streams/triggers to
      - container_stats

      - docker_logs
      - clustering
      - error_level
      - info_level
      - warn_level
      - debug_level
      - fail_level
      - exception_check
      - success_check
      #- streaming_destination_a    #Replace with configured streaming destination
      #- streaming_destination_b    #Replace with configured streaming destination
      #- trigger_destination_a      #Replace with configured trigger destination
      #- trigger_destination_b      #Replace with configured trigger destination


Troubleshoot the Agent

To verify that the agent's container is running, run the following Docker command. If the container is running, then a container containing edgedelta in the IMAGE name should display.

docker ps

To check the agent's log file for any errors that may indicate an issue with the agent, configuration, or deployment settings, run the following command to view all containers (whether running or not). This command will display the CONTAINER ID of the Edge Delta Agent.

docker ps -a

Copy the CONTAINER ID of the agent, which should be listed at the top of the list of containers, and then run the following command with the agent's CONTAINER ID:

docker logs CONTAINERID

View Your Agent Version 

  1. In the Edge Delta App, on the left-side navigation, click Data Pipeline, and then click Pipeline Status
  2. Navigate to the Active Agents table.
  3. Review the Agent Version column for your corresponding agent. 

Upgrade the Agent 

If your agent's image is set to agent:latest, then new agent instances will run on the latest agent version.

  • The original agent instance will run on the agent version that was available during agent deployment.

If your agent's image is set to a specified version, then new agent instances will run on the specified version, not the latest agent version. 

  • To upgrade all agents to the latest version, replace the previously configured version number with the latest agent version, such as agent:v0.1.15.
    • Review the following example:
    • The latest version of the agent is listed in the Edge Delta Releases page.

Share this document