Home
Splunk is a powerful tool. With a free license or a Developer License, you can support some pretty neat projects and training. Docker is a great way to run Splunk, particularly for developing new apps with manual data uploads. However, for a home lab or range, you may want persistent storage and a universal forwarder (UF) for various collection purposes. This is a simple project to do just that.
To run Splunk on Podman:
- Make the run-podman shell script executable: `chmod +x ./run-podman.sh`
- Run the run-podman shell script: `./run-podman.sh`
- Verify that the container is running in podman: `podman ps`
To run Splunk on Docker:
- Make the run-docker shell script executable: `chmod +x ./run-docker.sh`
- Run the run-docker shell script: `./run-docker.sh`
- Verify that the container is running in docker: `docker ps`
To run Splunk from Portainer:
- Navigate to Stacks and select Add stack.
- Select Git Repository as the Build method and use the following options:
  - Repository URL: https://github.com/christian-taillon/splunk-docker
  - Repository reference: refs/heads/main
  - Compose path: docker-compose.yml
- Add a password in the environment variables: click Add an environment variable, then set name `password` and value `<strong-password>`.
- Deploy the stack by selecting Deploy the stack.
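The compose file below is an added illustration, not the project's own docker-compose.yml. It shows how the `password` environment variable set in Portainer can reach both containers without being hardcoded in the file, and how named volumes keep Splunk configuration and indexes alive across the container removal done during an upgrade. The service names so1 and uf1 follow the upgrade steps; the volume paths, the read-only `/var/log` mount and the forwarder settings are assumptions.

```yaml
# Illustrative compose file (added example, not the project's docker-compose.yml).
# Assumption: the `password` variable is supplied by Portainer or the shell,
# so no credential is stored in this file or in the git history.
version: "3.8"

services:
  so1:                                   # Splunk Enterprise standalone
    image: splunk/splunk:latest
    container_name: so1
    hostname: so1
    environment:
      SPLUNK_START_ARGS: --accept-license
      # fail the deploy loudly if no password was provided
      SPLUNK_PASSWORD: ${password:?set the password environment variable}
    ports:
      - "8000:8000"                      # Splunk Web only; 9997 stays internal
    volumes:
      - so1-etc:/opt/splunk/etc          # apps and config survive docker rm
      - so1-var:/opt/splunk/var          # indexes survive docker rm
    restart: unless-stopped

  uf1:                                   # universal forwarder
    image: splunk/universalforwarder:latest
    container_name: uf1
    hostname: uf1
    depends_on:
      - so1
    environment:
      SPLUNK_START_ARGS: --accept-license
      SPLUNK_PASSWORD: ${password:?set the password environment variable}
      SPLUNK_STANDALONE_URL: so1         # forward to so1 over the compose network
      SPLUNK_ADD: monitor /var/log       # assumption: collect the logs mounted below
    volumes:
      - /var/log:/var/log:ro             # host logs mounted read-only
      - uf1-etc:/opt/splunkforwarder/etc
      - uf1-var:/opt/splunkforwarder/var
    restart: unless-stopped

volumes:
  so1-etc:
  so1-var:
  uf1-etc:
  uf1-var:
```

Because the data lives in the named volumes rather than in the containers, `docker stop`/`docker rm` of so1 and uf1 followed by `docker-compose up -d` keeps the indexed data and configuration.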
For those working at a company that is a Splunk customer and who wish to contribute to Splunk's app store, Splunkbase: request a Developer License here.

To switch to a free license:
- Log in to Splunk Web as a user with admin privileges and navigate to Manager > License.
- Review the text below the License and usage area, find the "switch to a free license" link, and click it. A login page is displayed.
- Select Switch to Free License and click Continue.
- You are prompted to reboot.
- Copy `$SPLUNK_HOME/etc/splunk-free.license` to `$SPLUNK_HOME/etc/splunk.license`.
- Restart Splunk (`./splunk restart`).
To upgrade, pull down the latest images, remove the containers, and re-run docker-compose or rebuild the stack.
- Run `docker pull splunk/splunk:latest` and `docker pull splunk/universalforwarder:latest`.
- Remove the existing containers: run `docker ps`, identify the container ids for so1 and uf1, then run `docker stop [container_id]` and `docker rm [container_id]` for each.
- Rebuild the stack by re-running the deploy script or rebuilding the stack, for example: `docker-compose up -d`