From 2ee07ed8b29f29a8524cbedc6208d6efaec9d874 Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Mon, 18 Nov 2019 17:24:35 -0800 Subject: [PATCH 1/2] Adding example for Splunk Free --- docs/EXAMPLES.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/EXAMPLES.md b/docs/EXAMPLES.md index d661bf7e..a998a927 100644 --- a/docs/EXAMPLES.md +++ b/docs/EXAMPLES.md @@ -14,6 +14,7 @@ Note that for more complex scenarios, we will opt to use a [Docker compose file] * [...with any app](#create-standalone-with-app) * [...with a SplunkBase app](#create-standalone-with-splunkbase-app) * [...with SSL enabled](#create-standalone-with-ssl-enabled) + * [...with a Free license](#create-standalone-with-free-license) * [Create standalone and universal forwarder](#create-standalone-and-universal-forwarder) * [Create heavy forwarder](#create-heavy-forwarder) * [Create heavy forwarder and deployment server](#create-heavy-forwarder-and-deployment-server) @@ -188,7 +189,6 @@ $ SPLUNKBASE_PASSWORD= SPLUNK_PASSWORD= docker-co ``` ## Create standalone with SSL enabled - To enable SSL over SplunkWeb, you'll first need to generate your self-signed certificates. Please see the [Splunk docs](https://docs.splunk.com/Documentation/Splunk/latest/Security/Self-signcertificatesforSplunkWeb) on how to go about doing this. For the purposes of local development, you can use: ``` openssl req -x509 -newkey rsa:4096 -passout pass:abcd1234 -keyout /home/key.pem -out /home/cert.pem -days 365 -subj /CN=localhost @@ -207,6 +207,14 @@ $ docker run --name so1 --hostname so1 -p 8000:8000 \ -it splunk/splunk:latest ``` +## Create Standalone with Free license +[Splunk Free](https://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree) is the totally free version of Splunk software. The Free license lets you index up to 500 MB per day and will never expire. + +Execute the following to bring up a Splunk Free standalone environment: +``` +$ docker run --name so1 --hostname so1 -p 8000:8000 -e SPLUNK_PASSWORD= -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_LICENSE_URI=Free -it splunk/splunk:latest +``` + ## Create standalone and universal forwarder You can also enable distributed deployments. In this case, we can create a Splunk universal forwarder running in a container to stream logs to a Splunk standalone, also running in a container. From ea45c42dd25806bee8ff01e07de763ca0364b282 Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Mon, 18 Nov 2019 17:35:53 -0800 Subject: [PATCH 2/2] More Splunk Free content --- docs/advanced/LICENSE_INSTALL.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/advanced/LICENSE_INSTALL.md b/docs/advanced/LICENSE_INSTALL.md index 5fda9c66..9e4ef32f 100644 --- a/docs/advanced/LICENSE_INSTALL.md +++ b/docs/advanced/LICENSE_INSTALL.md @@ -8,6 +8,7 @@ There are primarily two different ways to apply a license when starting your con * [Path to file](#path-to-file) * [Download via URL](#download-via-url) +* [Free license](#splunk-free-license) * [Using a license master](#using-a-license-master) ## Path to file @@ -94,6 +95,14 @@ You should be able to bring up your deployment with the Splunk license automatic $ SPLUNK_PASSWORD= docker stack deploy --compose-file=docker-compose.yml splunk_deployment ``` +## Splunk Free license +Not to be confused with an actual free Splunk enterprise license, but [Splunk Free](https://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree) is a product offering that enables the power of Splunk with a never-expiring but ingest-limited license. By default, when you create a Splunk environment using this Docker container, it will enable a Splunk Trial license which is good for 30 days from the start of your instance. With Splunk Free, you can create a full developer environment of Splunk for any personal, sustained usage. + +To bring up a single instance using Splunk Free, you can run the following command: +``` +$ docker run --name so1 --hostname so1 -p 8000:8000 -e SPLUNK_PASSWORD= -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_LICENSE_URI=Free -it splunk/splunk:latest +``` + ## Using a license master When starting up a distributed Splunk deployment, it may be inefficient for each Splunk instance to apply/fetch the same license. Luckily, there is a dedicated Splunk role for this - `splunk_license_master`. For more information on what this role is, please refer to Splunk documentation on [license masters](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Configurealicensemaster).