  • Stars: 410
  • Rank 102,348 (Top 3 %)
  • Language: Python
  • Created over 5 years ago
  • Updated 11 months ago

Repository Details

Splunk Docker GitHub Repository

Docker-Splunk: Containerizing Splunk Enterprise

Welcome to the official Splunk repository of Dockerfiles for building Splunk Enterprise and Splunk Universal Forwarder images for containerized deployments.


⚠️ DEPRECATION NOTICE
We are no longer releasing Debian images on Docker Hub as of May 2021 (Splunk Enterprise v8.2.0+). Red Hat images will continue to be published.


Table of Contents

  1. Purpose
  2. Quickstart
  3. Documentation
  4. Support
  5. Contributing
  6. License

Purpose

What is Splunk Enterprise?

Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.

See Splunk Products for more information about the features and capabilities of Splunk products and how you can bring them into your organization.

What is Docker-Splunk?

This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise.

The provisioning of these containers is handled by the Splunk-Ansible project. Refer to the Splunk-Ansible documentation and the Ansible User Guide for more details.


Quickstart

Start a single containerized instance of Splunk Enterprise with the command below, replacing <password> with a password string that conforms to the Splunk Enterprise password requirements.

$ docker run -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" \
             -e "SPLUNK_START_ARGS=--accept-license" \
             -it --name so1 splunk/splunk:latest

This command does the following:

  1. Starts a Docker container using the splunk/splunk:latest image.
  2. Names the container as so1.
  3. Exposes a port mapping from the host's 8000 port to the container's 8000 port.
  4. Specifies a custom SPLUNK_PASSWORD.
  5. Accepts the license agreement with SPLUNK_START_ARGS=--accept-license. This agreement must be explicitly accepted on every container or Splunk Enterprise doesn't start.

After the container starts up, you can access Splunk Web at http://localhost:8000 with admin:<password>.

To view the logs from the container created above, run:

$ docker logs -f so1

To enter the container and run Splunk CLI commands, run:

# Defaults to the user "ansible"
docker exec -it so1 /bin/bash

# Run shell as the user "splunk"
docker exec -u splunk -it so1 bash

To enable TCP 10514 for listening, run:

docker exec -u splunk so1 /opt/splunk/bin/splunk add tcp 10514 \
    -sourcetype syslog -resolvehost true \
    -auth "admin:${SPLUNK_PASSWORD}"

To install an app, run:

docker exec -u splunk so1 /opt/splunk/bin/splunk install \
	/path/to/app.tar -auth "admin:${SPLUNK_PASSWORD}"

# Alternatively, apps can be installed at Docker run-time
docker run -e SPLUNK_APPS_URL=http://web/app.tgz ...

See Deploy and run Splunk Enterprise inside a Docker container for more information.
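
The quickstart above passes the admin password with `-e` on the command line, which leaves it in shell history and in the host's process list. The script below is an added example, not code from the docker-splunk repository: it writes the same two variables to an owner-only file and hands them to `docker run` with `--env-file`. The file name `so1.env`, the helper names and the random 32-character hex password (assumed to meet the password requirements) are assumptions of this example; the variables remain visible through `docker inspect` to anyone with access to the Docker daemon.

```shell
#!/bin/sh
# Added example (not from the docker-splunk repository).
set -eu

# write_splunk_env FILE
# Create FILE, readable by the owner only, with the two variables the
# quickstart passes via -e. The password is random (32 hex characters) and is
# assumed here to satisfy the Splunk Enterprise password requirements.
write_splunk_env() {
    env_file=$1
    password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    ( umask 077
      printf 'SPLUNK_PASSWORD=%s\nSPLUNK_START_ARGS=--accept-license\n' \
          "$password" > "$env_file" )
    chmod 600 "$env_file"   # also tightens a file that already existed
}

# splunk_password FILE
# Print the admin password stored in FILE, for later `splunk ... -auth` calls.
splunk_password() {
    sed -n 's/^SPLUNK_PASSWORD=//p' "$1"
}

# Start the container only when called with --run, so the functions above can
# be sourced or tested on a host without Docker.
if [ "${1:-}" = "--run" ]; then
    write_splunk_env ./so1.env
    # Same image and name as the quickstart; Splunk Web is published on the
    # loopback interface only, which still serves http://localhost:8000.
    docker run -it --name so1 -p 127.0.0.1:8000:8000 \
        --env-file ./so1.env splunk/splunk:latest
fi
```
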


Documentation

Visit the Docker-Splunk documentation page for full usage instructions, including installation, examples, and advanced deployment scenarios.


Support

Use the GitHub issue tracker to submit bugs or request features.

If you have additional questions or need more support, you can:

  • Post a question to Splunk Answers
  • Join the #docker room in the Splunk Slack channel. If you're a new Splunk customer you can register for Slack here
  • If you are a Splunk Enterprise customer with a valid support entitlement contract and have a Splunk-related question, you can also open a support case on the https://www.splunk.com/ support portal

See the official support guidelines for more detailed information.


Contributing

We welcome feedback and contributions from the community! See our contribution guidelines for more information on how to get involved.


License

Copyright 2018-2020 Splunk.

Distributed under the terms of our license, splunk-ansible is free and open source software.

Authors

Splunk Inc. and the Splunk Community

More Repositories

1

attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Jinja
1,983
star
2

security_content

Splunk Security Content
Python
1,131
star
3

splunk-sdk-python

Splunk Software Development Kit for Python
Python
649
star
4

attack_data

A repository of curated datasets from various attacks
Python
537
star
5

eventgen

Splunk Event Generator: Eventgen
Python
354
star
6

splunk-ansible

Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments
Python
344
star
7

splunk-connect-for-kubernetes

Helm charts associated with kubernetes plug-ins
Python
341
star
8

botsv2

Splunk Boss of the SOC version 2 dataset.
340
star
9

docker-splunk-legacy

Docker Splunk *** LEGACY IMAGES - PLEASE SEE https://github.com/splunk/docker-splunk INSTEAD ***
Shell
304
star
10

botsv1

302
star
11

pion

Pion Network Library (Boost licensed open source)
C++
299
star
12

splunk-operator

Splunk Operator for Kubernetes
Go
197
star
13

splunk-sdk-javascript

Splunk Software Development Kit for JavaScript
JavaScript
185
star
14

botsv3

Splunk Boss of the SOC version 3 dataset.
163
star
15

melting-cobalt

A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
Python
162
star
16

qbec

configure kubernetes objects on multiple clusters using jsonnet
Go
157
star
17

splunk-connect-for-syslog

Splunk Connect for Syslog
Python
142
star
18

splunk-sdk-java

Splunk Software Development Kit for Java
Java
138
star
19

splunk-library-javalogging

Splunk logging appenders for popular Java Logging frameworks
Java
131
star
20

ansible-role-for-splunk

Splunk@Splunk's Ansible role for installing Splunk, upgrading Splunk, and installing apps/addons on Splunk deployments (VM/bare metal)
Jinja
131
star
21

attack_range_local

Build an attack range in your local machine
Jinja
129
star
22

SA-ctf_scoreboard

Python
115
star
23

splunk-platform-automator

Ansible framework providing a fast and simple way to spin up complex Splunk environments.
Python
114
star
24

splunk-aws-cloudformation

AWS CloudFormation templates for Splunk distributed cluster deployment
Shell
107
star
25

securitydatasets

Home for Splunk security datasets.
97
star
26

splunk-aws-project-trumpet

Python
95
star
27

splunk-app-examples

App examples for Splunk Enterprise
JavaScript
93
star
28

splunk-demo-collector-for-analyticsjs

Example Node.js based backend collector for client-side data
JavaScript
93
star
29

terraform-provider-splunk

Terraform Provider for Splunk
Go
93
star
30

fluent-plugin-splunk-hec

This is the Fluentd output plugin for sending events to Splunk via HEC.
Ruby
83
star
31

network-explorer

C++
82
star
32

mltk-algo-contrib

Python
82
star
33

kafka-connect-splunk

Kafka connector for Splunk
Java
82
star
34

vscode-extension-splunk

Visual Studio Code Extension for Splunk
Python
82
star
35

splunk-javascript-logging

Splunk HTTP Event Collector logging interface for JavaScript
JavaScript
81
star
36

splunk-reskit-powershell

Splunk Resource Kit for Powershell
PowerShell
80
star
37

corona_virus

This project includes an app that allows users to visualize and analyze information about COVID-19 using data made publicly-available by Johns Hopkins University. For more information on legal disclaimers, please see the README.
Python
79
star
38

observability-workshop

To get started, please proceed to The Splunk Observability Cloud Workshop Homepage.
Shell
78
star
39

salo

Synthetic Adversarial Log Objects: A Framework for synthetic log generation
Python
70
star
40

docker-itmonitoring

Get Started with Streaming your Docker Logs and Stats in Splunk!
HTML
68
star
41

splunk-sdk-csharp-pcl

Splunk's next generation C# SDK
C#
65
star
42

docker-logging-plugin

Splunk Connect for Docker is a Docker logging plugin that allows docker containers to send their logs directly to Splunk Enterprise or a Splunk Cloud deployment.
Go
64
star
43

contentctl

Splunk Content Control Tool
Python
63
star
44

attack-detections-collector

Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique
Python
59
star
45

splunk-aws-serverless-apps

Splunk AWS Serverless applications and Lambda blueprints
JavaScript
54
star
46

splunk-connect-for-ethereum

Splunk Connect for Ethereum
TypeScript
52
star
47

ShellSweep

ShellSweeping the evil.
PowerShell
52
star
48

splunk-webframework

Splunk Web Framework
Python
51
star
49

splunk-app-splunkgit

GitHub App
Python
49
star
50

pytest-splunk-addon

A Dynamic test tool for Splunk Technology Add-ons
Python
47
star
51

splunk-mltk-container-docker

Splunk App for Data Science and Deep Learning - container images repository
Jupyter Notebook
44
star
52

splunk-cloud-sdk-go

The Splunk Cloud SDK for Go, contains libraries for building apps for the Splunk Cloud Services Platform.
Go
43
star
53

rba

RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.
42
star
54

splunk-app-testing

sample app along with a CICD pipeline for testing multiple versions of splunk
Shell
42
star
55

vault-plugin-secrets-gitlab

Vault Plugin for Gitlab Project Access Token
Go
40
star
56

rwi_executive_dashboard

Splunk Remote Work Insights - Executive Dashboard
HTML
38
star
57

splunk-sdk-ruby

Splunk Software Development Kit for Ruby
Ruby
36
star
58

splunk-shuttl

Splunk app for archive management, including HDFS support.
Java
35
star
59

addonfactory-ucc-generator

A framework to generate UI-based Splunk Add-ons.
Python
34
star
60

splunk-for-securityHub

Python
34
star
61

attack_range_cloud

Attack Range to test detection against native serverless cloud services and environments
Python
34
star
62

cloud-datamodel-security-research

A data model for cloud providers (AWS, GCP, Azure) based on security use cases
34
star
63

dashboard-conf19-examples

Splunk new dashboard framework examples .conf 2019
JavaScript
30
star
64

github_app_for_splunk

A collection of dashboards and knowledge objects for Github data
JavaScript
29
star
65

azure-functions-splunk

Azure Functions for getting data in to Splunk
JavaScript
28
star
66

splunk-connect-for-snmp

Python
28
star
67

jupyterhub-istio-proxy

JupyterHub proxy implementation for kubernetes clusters running istio service mesh
Go
27
star
68

twinclams

because twin clams are better than one clam?
Python
26
star
69

lightproto

Protobuf compatible code generator
Java
26
star
70

splunk-app-twitter

Twitter application for Splunk
Python
25
star
71

splunk-library-dotnetlogging

Support for logging from .NET Tracing and ETW / Semantic Logging ApplicationBlock to Splunk.
C#
25
star
72

observability-content-contrib

Contribution repository for Splunk Observability Content (e.g. Dashboards, Detectors, Examples, etc)
HCL
24
star
73

splunkrepl

An awesome little REPL for issuing SPLUNK queries
JavaScript
24
star
74

splunk-ref-pas-code

Splunk Reference App - Pluggable Auditing System (PAS) - Code Repo
Python
22
star
75

vault-plugin-splunk

Vault plugin to securely manage Splunk admin accounts and password rotation
Go
22
star
76

splunk-sdk-php

Splunk Software Development Kit for PHP
PHP
22
star
77

fluent-plugin-kubernetes-objects

This is the Fluentd input plugin which queries Kubernetes API to collect Kubernetes objects (like Nodes, Namespaces, Pods, etc.)
Ruby
22
star
78

splunk-heatwave-viz

A heatmap visualization of bucketed ranged data over time.
JavaScript
21
star
79

pipelines

Concurrent processing pipelines in Go.
Go
21
star
80

splunk-gcp-functions

Python
20
star
81

splunk-tableau-wdc

Splunk Tableau Web Data Connector (WDC) Example
JavaScript
20
star
82

splunkforjenkins

Java
19
star
83

minecraft-app

Splunking Minecraft with the App Framework
JavaScript
19
star
84

splunk-add-on-jira-alerts

Splunk custom alert action for Atlassian JIRA
Python
19
star
85

splunk-bunyan-logger

A Bunyan stream for Splunk's HTTP Event Collector
JavaScript
18
star
86

splunk-3D-graph-network-topology-viz

Plot relationships between objects with force directed graph based on ThreeJS/WebGL.
JavaScript
18
star
87

public-o11y-docs

Splunk Observability Cloud docs
HTML
18
star
88

dashpub

Generate next.js apps to publish Splunk dashboards
JavaScript
18
star
89

SA-ctf_scoreboard_admin

Python
18
star
90

slack-alerts

Splunk custom alert action for sending messages to Slack channels
Python
17
star
91

vale-splunk-style-guide

Splunk Style Guide for the Vale linter
17
star
92

acs-privateapps-demo

Demo of private-apps ci/cd integration into splunkcloud using the admin config service
Go
17
star
93

splunk-cloud-sdk-python

The Splunk Cloud SDK for Python, contains libraries for building apps for the Splunk Cloud Services Platform.
Python
17
star
94

fabric-logger

Logs blocks, transactions and events from Hyperledger Fabric to Splunk.
TypeScript
17
star
95

terraform-provider-scp

Splunk Terraform Provider to manage config resources for Splunk Cloud Platform
Go
16
star
96

PEAK

Security Content for the PEAK Threat Hunting Framework
Jupyter Notebook
16
star
97

deep-learning-toolkit

Deep Learning Toolkit for Splunk
Python
15
star
98

k8s-yaml-patch

jsonnet library to patch objects loaded from yaml
Go
15
star
99

TA-osquery

A Splunk technology add-on for osquery
14
star
100

ml-toolkit-docs

ML Toolkit & Showcase application documents
14
star