|
1 |
| -# docker-splunk: Containerizing Splunk Enterprise |
| 1 | +# Docker-Splunk: Containerizing Splunk Enterprise |
2 | 2 |
|
3 | 3 | [](https://circleci.com/gh/splunk/docker-splunk/tree/develop)
|
4 | 4 | [](https://opensource.org/licenses/Apache-2.0)
|
5 | 5 | [](https://github.com/splunk/docker-splunk/releases)
|
6 | 6 |
|
7 |
| -Welcome to Splunk's official repository of Dockerfiles for building Splunk Enterprise and Splunk Universal Forwarder images using containerization technology. |
| 7 | +Welcome to the official Splunk repository of Dockerfiles for building Splunk Enterprise and Splunk Universal Forwarder images for containerized deployments. |
8 | 8 |
|
9 | 9 | ----
|
10 | 10 |
|
11 | 11 | ## Table of Contents
|
12 | 12 |
|
13 | 13 | 1. [Purpose](#purpose)
|
14 |
| -2. [Quickstart](#quickstart) |
15 |
| -3. [Documentation](#documentation) |
16 |
| -4. [Support](#support) |
17 |
| -5. [Contributing](#contributing) |
18 |
| -6. [License](#license) |
| 14 | +1. [Quickstart](#quickstart) |
| 15 | +1. [Documentation](#documentation) |
| 16 | +1. [Support](#support) |
| 17 | +1. [Contributing](#contributing) |
| 18 | +1. [License](#license) |
19 | 19 |
|
20 | 20 | ----
|
21 | 21 |
|
22 | 22 | ## Purpose
|
23 | 23 |
|
24 | 24 | #### What is Splunk Enterprise?
|
25 |
| -Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results. |
| 25 | +[Splunk Enterprise](https://www.splunk.com/en_us/software/splunk-enterprise.html) is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results. |
26 | 26 |
|
27 |
| -Refer to [Splunk products](https://www.splunk.com/en_us/software.html) for more knowledge about the features and capabilities of Splunk, and how you can bring it into your organization. |
| 27 | +See [Splunk Products](https://www.splunk.com/en_us/software.html) for more information about the features and capabilities of Splunk products and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html). |
28 | 28 |
|
29 |
| -#### What is docker-splunk? |
| 29 | +#### What is Docker-Splunk? |
30 | 30 | This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise.
|
31 | 31 |
|
32 |
| -The provisioning of these containers is handled by the [splunk-ansible](https://github.com/splunk/splunk-ansible) project. See the [Ansible documentation](http://docs.ansible.com/) for more details about Ansible concepts and how it works. |
| 32 | +The provisioning of these containers is handled by the [Splunk-Ansible](https://github.com/splunk/splunk-ansible) project. Refer to the [Splunk-Ansible documentation](https://splunk.github.io/splunk-ansible/) and the [Ansible User Guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) for more details. |
33 | 33 |
|
34 | 34 | ----
|
35 | 35 |
|
36 | 36 | ## Quickstart
|
37 |
| -Use the following command to start a single standalone instance of Splunk Enterprise: |
| 37 | + |
| 38 | +Start a single containerized instance of Splunk Enterprise with the command below, replacing `<password>` with a password string that conforms to the [Splunk Enterprise password requirements](https://docs.splunk.com/Documentation/Splunk/latest/Security/Configurepasswordsinspecfile). |
38 | 39 | ```bash
|
39 |
| -$ docker run -it --name so1 -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:latest |
| 40 | +$ docker run -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" \ |
| 41 | + -e "SPLUNK_START_ARGS=--accept-license" \ |
| 42 | + -it --name so1 splunk/splunk:latest |
40 | 43 | ```
|
41 | 44 |
|
42 |
| -Let's break down what this command does: |
43 |
| -1. Starts a Docker container interactively using the `splunk/splunk:latest` image. |
44 |
| -2. Expose a port mapping from the host's `8000` to the container's `8000`. |
45 |
| -3. Specify a custom `SPLUNK_PASSWORD` - be sure to replace `<password>` with any string that conforms to the [Splunk Enterprise password requirements](https://docs.splunk.com/Documentation/Splunk/latest/Security/Configurepasswordsinspecfile). |
46 |
| -4. Accept the license agreement with `SPLUNK_START_ARGS=--accept-license`. This must be explicitly accepted on every `splunk/splunk` container, otherwise Splunk will not start. |
| 45 | +This command does the following: |
| 46 | +1. Starts a Docker container using the `splunk/splunk:latest` image. |
| 47 | +1. Names the container as `so1`. |
| 48 | +1. Exposes a port mapping from the host's `8000` port to the container's `8000` port |
| 49 | +1. Specifies a custom `SPLUNK_PASSWORD`. |
| 50 | +1. Accepts the license agreement with `SPLUNK_START_ARGS=--accept-license`. This agreement must be explicitly accepted on every container or Splunk Enterprise doesn't start. |
47 | 51 |
|
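Review bot: step 1 of the new list drops "interactively", but the command above it still passes `-it` (`-it --name so1 splunk/splunk:latest`), so the breakdown no longer accounts for that flag. Either add an item that explains `-it` or restore the wording in step 1. Two smaller points in the same list: the port-mapping item is the only one without a closing period, and "Names the container as `so1`" reads better as "Names the container `so1`".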
48 |
| -After the container starts up successfully, you should be able to access SplunkWeb at http://localhost:8000 with `admin:<password>`. |
| 52 | +After the container starts up, you can access Splunk Web at <http://localhost:8000> with `admin:<password>`. |
49 | 53 |
|
50 | 54 | To view the logs from the container created above, run:
|
51 | 55 | ```bash
|
52 | 56 | $ docker logs -f so1
|
53 | 57 | ```
|
54 | 58 |
|
55 |
| -To enter the container and run some Splunk CLI commands: |
| 59 | +To enter the container and run Splunk CLI commands, run: |
56 | 60 | ```bash
|
57 |
| -# Defaults to "ansible" user |
| 61 | +# Defaults to the user "ansible" |
58 | 62 | docker exec -it so1 /bin/bash
|
59 |
| -# Run shell as "splunk" user |
| 63 | + |
| 64 | +# Run shell as the user "splunk" |
60 | 65 | docker exec -u splunk -it so1 bash
|
61 | 66 | ```
|
62 | 67 |
|
63 |
| -For an example of how to enable TCP 10514 for listening: |
| 68 | +To enable TCP 10514 for listening, run: |
64 | 69 | ```bash
|
65 | 70 | docker exec -u splunk so1 /opt/splunk/bin/splunk add tcp 10514 \
|
66 | 71 | -sourcetype syslog -resolvehost true \
|
67 | 72 | -auth "admin:${SPLUNK_PASSWORD}"
|
68 | 73 | ```
|
69 | 74 |
|
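Review bot: in the `-auth "admin:${SPLUNK_PASSWORD}"` line of this block, `${SPLUNK_PASSWORD}` sits in double quotes on the `docker exec` command line, so the calling shell expands it, while the Quickstart only sets that variable inside the container via `-e "SPLUNK_PASSWORD=<password>"`. Now that the lead-in reads as an instruction ("To enable TCP 10514 for listening, run:"), add a sentence saying that `SPLUNK_PASSWORD` must also be set in the shell that runs `docker exec`. The same applies to the app install command that follows.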
70 |
| -To install an app: |
| 75 | +To install an app, run: |
71 | 76 | ```bash
|
72 |
| -# Alternatively, apps can be installed at Docker run-time, ex: |
73 |
| -# docker run -e SPLUNK_APPS_URL=http://web/app.tgz ... |
74 | 77 | docker exec -u splunk so1 /opt/splunk/bin/splunk install \
|
75 | 78 | /path/to/app.tar -auth "admin:${SPLUNK_PASSWORD}"
|
| 79 | + |
| 80 | +# Alternatively, apps can be installed at Docker run-time |
| 81 | +docker run -e SPLUNK_APPS_URL=http://web/app.tgz ... |
76 | 82 | ```
|
77 | 83 |
|
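Review bot: the last two added lines turn the run-time alternative from a comment into a live command (`+docker run -e SPLUNK_APPS_URL=http://web/app.tgz ...`), so pasting the whole block runs the `splunk install` and then a `docker run` with a literal `...` argument. Keep the alternative commented out as before, or move it into its own block with a complete command. The sample URL also fetches the app over plain `http://`; an `https://` URL is a better example for readers to copy.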
78 |
| -Additional information on Docker support for Splunk Enterprise can be found [here](https://docs.splunk.com/Documentation/Splunk/latest/Installation/DeployandrunSplunkEnterpriseinsideDockercontainers). |
| 84 | +See [Deploy and run Splunk Enterprise inside a Docker container](https://docs.splunk.com/Documentation/Splunk/latest/Installation/DeployandrunSplunkEnterpriseinsideDockercontainers) for more information. |
79 | 85 |
|
80 | 86 | ---
|
81 | 87 |
|
82 | 88 | ## Documentation
|
83 |
| -Visit the [docker-splunk documentation](https://splunk.github.io/docker-splunk/) page for full usage instructions, including installation, examples, and advanced deployment scenarios. |
| 89 | +Visit the [Docker-Splunk documentation](https://splunk.github.io/docker-splunk/) page for full usage instructions, including installation, examples, and advanced deployment scenarios. |
84 | 90 |
|
85 | 91 | ---
|
86 | 92 |
|
|