Public | Automated Build

Last pushed: 2 years ago
Short Description
This is the Splunk universal-forwarder docker container.
Full Description

DockerSplunk

Introduction:

I am significantly indebted to the work of Denis Gladkikh (https://www.outcoldman.com). His
docker-splunk container (https://github.com/outcoldman/docker-splunk) was the absolute source
for what I have here. Indeed, I copied his work exactly as it stood as my original version.

Frankly, these are customized for my use. If you are looking for Splunk in a Docker Container,
I would encourage you to go check out Denis's work.

Directories / Containers / Other Stuff:

Each docker container is built from a unique subdirectory.

First, you need to clone the entire repo. This is how I suggest you do so:

mkdir docker-splunk && cd $_
git clone git@github.com:tbfed/DockerSplunk.git

Each is connected to a public repo on https://hub.docker.com, as follows:

docker-busybox

This is a busybox based docker container that is designed to hold the Splunk data. This
allows for persistent data, both as part of the container, or, optionally, on the
physical drive, via published volumes.

  • git branch: splunkdata
git checkout -b splunkdata

<do your thing>

git add --all
git commit -m "whatever"
git push origin splunkdata

docker-splunk

This is the main Splunk executable. It can be used as an all-in-one process, or as
the splunkweb only, or as an indexer only, or as a heavy-weight forwarder, all
based on the environment variables and other configurations passed to it on startup.

  • git branch: splunkserver
git checkout -b splunkserver

<do your thing>

git add --all
git commit -m "whatever"
git push origin splunkserver

docker-universalforwarder

This is the basic universal forwarder process. It can only act as a forwarder.

  • git branch: universalforwarder
git checkout -b universalforwarder

<do your thing>

git add --all
git commit -m "whatever"
git push origin universalforwarder

docker-status.sh

This is a script I wrote to give me a lot of details about all of the containers
from the docker ps -a command.

start.sh

This is an example script which starts up the containers. This was for my own
testing, and is NOT the best way to start them up. If you are using this to
test things, then okay; if you think this is a valuable way to handle your
production systems, you need help. Just sayin....

Owner
dcrites