Select Page

Installing latest Splunk in 5 minutes using Docker

Installing latest Splunk in 5 minutes using Docker

From 0 to Splunk in 5 minutes using Docker and Compose

Splunk is an American multinational corporation headquartered in San Francisco, California, which produces software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface.

Docker is an open source software platform to create, deploy and manage virtualized application containers on a common operating system (OS), with an ecosystem of allied tools. 

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.

Install docker and docker-compose

if not already done by running

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" sudo apt-get update sudo apt-get install -y docker-ce sudo usermod -aG docker ${USER}  sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose docker-compose -v

Create a new file docker-compose.yml

version: '3'  volumes:   opt-splunk-etc:   opt-splunk-var:  services:   splunkenterprise:     #build: .     hostname: splunkenterprise     image: splunk/splunk:7.3     environment:       SPLUNK_START_ARGS: --accept-license       SPLUNK_PASSWORD: "put password here or pass -e SPLUNK_PASSWORD=xxxxxx to start command"       SPLUNK_ADD: tcp 1514       SPLUNK_USER: root       SPLUNK_ENABLE_LISTEN: 9997       SPLUNK_ADD: tcp 1514     volumes:       - opt-splunk-etc:/opt/splunk/etc       - opt-splunk-var:/opt/splunk/var     ports:       - "8080:8000"       - "9997:9997"       - "8088:8088"       - "1514:1514"

 To start and stop Splunk:

sudo docker-compose -f docker-compose.yml up -d sudo docker-compose -f docker-compose.yml down

You can now browse Splunk at http://localhost:8080 

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments

Categories

0
Would love your thoughts, please comment.x
()
x