dmanojbaba/docker-splunk-minion

Docker Splunk Minion

This repository enables users to build and manage a Splunk Enterprise sandbox on a local machine using Docker.


Prerequisites:

Getting Started:

  • Clone or download this repository
  • Change current working directory to the cloned location
    • Example: cd docker-splunk-minion
  • As required, add/edit the conf files in the sandbox-app directory
  • Run: ./minion run to pull & run the latest splunk/splunk docker image

Next Steps:

  • After starting Splunk, access the web interface using default credentials admin:changeme at http://localhost:8000/app/sandbox-app/
  • After manually editing the objects via conf files in sandbox-app directory,
  • To persistently save the required knowledge objects outside the Splunk docker sandbox, ensure the objects are saved in sandbox-app and Sharing permissions are set to App ["This app"] or Global ["All apps"]
  • To stop the Splunk docker sandbox and resume later, run: ./minion stop and ./minion start respectively
  • Run: ./minion rm to remove all indexed data, private objects, and objects saved in other apps
  • Run: ./minion rmi to remove the docker image
  • As required, edit the SPLUNK_PASSWORD, DOCKER_IMAGE_TAG, and other variable values in the minion script file

Usage:

./minion [option]

| Option | Description | Example |
|---|---|---|
| run [TAG] | Run the Splunk Image. If no tag is provided, latest tag is used. | ./minion run<br>./minion run 7.3.5 |
| start | Start the Splunk instance on the docker sandbox | ./minion start |
| stop | Stop the Splunk instance on the docker sandbox | ./minion stop |
| restart | Stop and Start the Splunk instance on the docker sandbox | ./minion restart |
| status | Status of the Splunk instance on the docker sandbox | ./minion status |
| splunk [command] | Execute a Splunk command | ./minion splunk list monitor<br>./minion splunk btool inputs list |
| shell | Enter the interactive bash shell on the docker container | ./minion shell<br>./minion bash |
| exec [command] | Execute a command on the docker container | ./minion exec tail /opt/splunk/var/log/splunk/splunkd.log |
| rm | Remove the docker container | ./minion rm<br>./minion remove |
| rmi [TAG] | Remove the docker image. If no tag is provided, latest tag is used. | ./minion rmi<br>./minion rmi 7.3.5 |

References:


For bugs, enhancements, or other requests create an issue in this repository

