I am significantly indebted to the work of Denis Gladkikh (https://www.outcoldman.com). His
docker-splunk container (https://github.com/outcoldman/docker-splunk) was the absolute source
for what I have here. Indeed, I copied his work exactly as it stood as my original version.
Frankly, these are customized for my use. If you are looking for Splunk in a Docker Container,
I would encourage you to go check out Denis's work.
Directories / Containers / Other Stuff:
Each docker container is built from a unique subdirectory.
First, you need to clone the entire repo. This is how I suggest you do so:
    mkdir docker-splunk && cd $_ && git clone email@example.com:tbfed/DockerSplunk.git
Each is connected to a public repo on https://hub.docker.com, as follows:
This is a busybox based docker container that is designed to hold the Splunk data. This
allows for persistent data, both as part of the container, or, optionally, on the
physical drive, via published volumes.
- docker hub: https://hub.docker.com/r/dcrites/splunkbusybox/
This is the main Splunk executable. It can be used as an all-in-one process, or as
the splunkweb only, or as an indexer only, or as a heavy-weight forwarder, all
based on the environment variables and other configurations passed to it on startup.
- docker hub: https://hub.docker.com/r/dcrites/splunkserver/
This is the basic universal forwarder process. It can only act as a forwarder.
This is a script I wrote to give me a lot more detail about all of the containers
than the docker ps -a command shows.
This is an example script which starts up the containers. This was for my own
testing, and is NOT the best way to start them up. If you are using this to
test things, then okay; if you think this is a valuable way to handle your
production systems, you need help. Just sayin....
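Here is a small start-up script of my own, added as an example and not part of the repo, showing the pattern the data container above exists for: the busybox data container holds the Splunk data, and the server container attaches to it with --volumes-from, so the data survives the server container being removed and recreated. The image names are the ones listed above; the container names, the in-container data path (/opt/splunk/var), and the published web port (8000, bound to localhost only) are assumptions, and the server's role is left to its own defaults since its environment variables are not documented on this page.

```shell
#!/bin/sh
# Example start-up script (added here, not from the repo).
# Image names are from the README; paths, names and ports are assumptions.
set -eu

DOCKER="${DOCKER:-docker}"             # set DOCKER=echo for a dry run
DATA_NAME="${DATA_NAME:-splunkdata}"   # assumed name for the data container
SERVER_NAME="${SERVER_NAME:-splunk}"   # assumed name for the server container
HOST_DATA="${HOST_DATA:-}"             # empty: keep the data inside the data container

# Create (not run) the busybox data container. With HOST_DATA set, the assumed
# Splunk data path is bound to a directory on the physical drive instead.
create_data_container() {
  if [ -n "$HOST_DATA" ]; then
    "$DOCKER" create --name "$DATA_NAME" \
      -v "$HOST_DATA:/opt/splunk/var" dcrites/splunkbusybox
  else
    "$DOCKER" create --name "$DATA_NAME" dcrites/splunkbusybox
  fi
}

# Run the server with the data container's volumes attached. Only the web UI
# is published, and only on the loopback interface (assumed port 8000).
start_server() {
  "$DOCKER" run -d --name "$SERVER_NAME" \
    --volumes-from "$DATA_NAME" \
    -p 127.0.0.1:8000:8000 \
    dcrites/splunkserver
}

# Throw the server container away and start a fresh one. Because the data
# lives in the data container, indexes and configuration are still there.
recreate_server() {
  "$DOCKER" rm -f "$SERVER_NAME"
  start_server
}

case "${1:-}" in
  up)      create_data_container; start_server ;;
  recycle) recreate_server ;;
  *)       echo "usage: $0 up|recycle" ;;
esac
```

Run it as `DOCKER=echo sh start.sh up` first to see the exact docker commands it would issue.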