splunk/docker-splunk splunk/docker-splunk

  • Stars
    star
    410
  • Rank 105,468 (Top 3 %)
  • Language
    Python
  • Created about 6 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
splunk/docker-splunk
github

splunk

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Splunk Docker GitHub Repository

Docker-Splunk: Containerizing Splunk Enterprise

License  GitHub release

Welcome to the official Splunk repository of Dockerfiles for building Splunk Enterprise and Splunk Universal Forwarder images for containerized deployments.

⚠️DEPRECATION NOTICE
We are no longer releasing Debian images on Docker Hub as of May 2021 (Splunk Enterprise v8.2.0+). Red Hat images will continue to be published.

Table of Contents

  1. Purpose
  2. Quickstart
  3. Documentation
  4. Support
  5. Contributing
  6. License

Purpose

What is Splunk Enterprise?

Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.

See Splunk Products for more information about the features and capabilities of Splunk products and how you can bring them into your organization.

What is Docker-Splunk?

This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise.

The provisioning of these containers is handled by the Splunk-Ansible project. Refer to the Splunk-Ansible documentation and the Ansible User Guide for more details.

Quickstart

Start a single containerized instance of Splunk Enterprise with the command below, replacing <password> with a password string that conforms to the Splunk Enterprise password requirements.

$ docker run -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" \
             -e "SPLUNK_START_ARGS=--accept-license" \
             -it --name so1 splunk/splunk:latest

This command does the following:

  1. Starts a Docker container using the splunk/splunk:latest image.
  2. Names the container as so1.
  3. Exposes a port mapping from the host's 8000 port to the container's 8000 port
  4. Specifies a custom SPLUNK_PASSWORD.
  5. Accepts the license agreement with SPLUNK_START_ARGS=--accept-license. This agreement must be explicitly accepted on every container or Splunk Enterprise doesn't start.

After the container starts up, you can access Splunk Web at http://localhost:8000 with admin:<password>.

To view the logs from the container created above, run:

$ docker logs -f so1

To enter the container and run Splunk CLI commands, run:

# Defaults to the user "ansible"
docker exec -it so1 /bin/bash

# Run shell as the user "splunk"
docker exec -u splunk -it so1 bash

To enable TCP 10514 for listening, run:

docker exec -u splunk so1 /opt/splunk/bin/splunk add tcp 10514 \
    -sourcetype syslog -resolvehost true \
    -auth "admin:${SPLUNK_PASSWORD}"

To install an app, run:

docker exec -u splunk so1 /opt/splunk/bin/splunk install \
	/path/to/app.tar -auth "admin:${SPLUNK_PASSWORD}"

# Alternatively, apps can be installed at Docker run-time
docker run -e SPLUNK_APPS_URL=http://web/app.tgz ...

See Deploy and run Splunk Enterprise inside a Docker container for more information.

Documentation

Visit the Docker-Splunk documentation page for full usage instructions, including installation, examples, and advanced deployment scenarios.

Support

Use the GitHub issue tracker to submit bugs or request features.

If you have additional questions or need more support, you can:

  • Post a question to Splunk Answers
  • Join the #docker room in the Splunk Slack channel. If you're a new Splunk customer you can register for Slack here
  • If you are a Splunk Enterprise customer with a valid support entitlement contract and have a Splunk-related question, you can also open a support case on the https://www.splunk.com/ support portal

See the official support guidelines for more detailed information.

Contributing

We welcome feedback and contributions from the community! See our contribution guidelines for more information on how to get involved.

License

Copyright 2018-2020 Splunk.

Distributed under the terms of our license, splunk-ansible is free and open source software.

Authors

Splunk Inc. and the Splunk Community

More Repositories

1

attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Jinja
2,118
star
2

security_content

Splunk Security Content
Python
1,235
star
3

splunk-sdk-python

Splunk Software Development Kit for Python
Python
649
star
4

attack_data

A repository of curated datasets from various attacks
Python
560
star
5

splunk-ansible

Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments
Python
355
star
6

eventgen

Splunk Event Generator: Eventgen
Python
354
star
7

botsv2

Splunk Boss of the SOC version 2 dataset.
348
star
8

splunk-connect-for-kubernetes

Helm charts associated with kubernetes plug-ins
Python
344
star
9

docker-splunk-legacy

Docker Splunk *** LEGACY IMAGES - PLEASE SEE https://github.com/splunk/docker-splunk INSTEAD ***
Shell
304
star
10

botsv1

302
star
11

pion

Pion Network Library (Boost licensed open source)
C++
299
star
12

splunk-operator

Splunk Operator for Kubernetes
Go
205
star
13

splunk-sdk-javascript

Splunk Software Development Kit for JavaScript
JavaScript
185
star
14

botsv3

Splunk Boss of the SOC version 3 dataset.
163
star
15

melting-cobalt

A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
Python
163
star
16

qbec

configure kubernetes objects on multiple clusters using jsonnet
Go
157
star
17

splunk-connect-for-syslog

Splunk Connect for Syslog
Python
152
star
18

splunk-sdk-java

Splunk Software Development Kit for Java
Java
138
star
19

splunk-library-javalogging

Splunk logging appenders for popular Java Logging frameworks
Java
131
star
20

ansible-role-for-splunk

Splunk@Splunk's Ansible role for installing Splunk, upgrading Splunk, and installing apps/addons on Splunk deployments (VM/bare metal)
Jinja
131
star
21

attack_range_local

Build a attack range in your local machine
Jinja
129
star
22

splunk-platform-automator

Ansible framework providing a fast and simple way to spin up complex Splunk environments.
Python
117
star
23

SA-ctf_scoreboard

Python
116
star
24

splunk-aws-cloudformation

AWS CloudFormation templates for Splunk distributed cluster deployment
Shell
108
star
25

terraform-provider-splunk

Terraform Provider for Splunk
Go
103
star
26

securitydatasets

Home for Splunk security datasets.
97
star
27

splunk-aws-project-trumpet

Python
95
star
28

splunk-app-examples

App examples for Splunk Enterprise
JavaScript
93
star
29

splunk-demo-collector-for-analyticsjs

Example Node.js based backend collector for client-side data
JavaScript
93
star
30

vscode-extension-splunk

Visual Studio Code Extension for Splunk
Python
86
star
31

observability-workshop

To get started, please proceed to The Splunk Observability Cloud Workshop Homepage.
HTML
86
star
32

mltk-algo-contrib

Python
85
star
33

fluent-plugin-splunk-hec

This is the Fluentd output plugin for sending events to Splunk via HEC.
Ruby
83
star
34

network-explorer

C++
82
star
35

kafka-connect-splunk

Kafka connector for Splunk
Java
82
star
36

splunk-javascript-logging

Splunk HTTP Event Collector logging interface for JavaScript
JavaScript
81
star
37

splunk-reskit-powershell

Splunk Resource Kit for Powershell
PowerShell
80
star
38

corona_virus

This project includes an app that allows users to visualize and analyze information about COVID-19 using data made publicly-available by Johns Hopkins University. For more information on legal disclaimers, please see the README.
Python
79
star
39

contentctl

Splunk Content Control Tool
Python
77
star
40

salo

Synthetic Adversarial Log Objects: A Framework for synthentic log generation
Python
75
star
41

ShellSweep

ShellSweeping the evil.
PowerShell
73
star
42

docker-itmonitoring

Get Started with Streaming your Docker Logs and Stats in Splunk!
HTML
68
star
43

splunk-sdk-csharp-pcl

Splunk's next generation C# SDK
C#
65
star
44

docker-logging-plugin

Splunk Connect for Docker is a Docker logging plugin that allows docker containers to send their logs directly to Splunk Enterprise or a Splunk Cloud deployment.
Go
64
star
45

attack-detections-collector

Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique
Python
59
star
46

splunk-aws-serverless-apps

Splunk AWS Serverless applications and Lambda blueprints
JavaScript
55
star
47

splunk-webframework

Splunk Web Framework
Python
51
star
48

splunk-app-splunkgit

GitHub App
Python
49
star
49

vault-plugin-secrets-gitlab

Vault Plugin for Gitlab Project Access Token
Go
48
star
50

pytest-splunk-addon

A Dynamic test tool for Splunk Technology Add-ons
Python
47
star
51

splunk-mltk-container-docker

Splunk App for Data Science and Deep Learning - container images repository
Jupyter Notebook
47
star
52

rba

RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.
44
star
53

splunk-cloud-sdk-go

The Splunk Cloud SDK for Go, contains libraries for building apps for the Splunk Cloud Services Platform.
Go
43
star
54

splunk-app-testing

sample app along with a CICD pipeline for testing multiple versions of splunk
Shell
42
star
55

rwi_executive_dashboard

Splunk Remote Work Insights - Executive Dashboard
HTML
38
star
56

splunk-sdk-ruby

Splunk Software Development Kit for Ruby
Ruby
36
star
57

splunk-shuttl

Splunk app for archive management, including HDFS support.
Java
35
star
58

attack_range_cloud

Attack Range to test detection against nativel serverless cloud services and environments
Python
35
star
59

addonfactory-ucc-generator

A framework to generate UI-based Splunk Add-ons.
Python
34
star
60

splunk-for-securityHub

Python
34
star
61

azure-functions-splunk

Azure Functions for getting data in to Splunk
JavaScript
30
star
62

dashboard-conf19-examples

Splunk new dashboard framework examples .conf 2019
JavaScript
30
star
63

github_app_for_splunk

A collection of dashboards and knowledge objects for Github data
JavaScript
29
star
64

splunk-connect-for-snmp

Python
28
star
65

twinclams

because twin clams are better than one clam?
Python
27
star
66

jupyterhub-istio-proxy

JupyterHub proxy implementation for kubernetes clusters running istio service mesh
Go
27
star
67

observability-content-contrib

Contribution repository for Splunk Observability Content (e.g. Dashboards, Detectors, Examples, etc)
HCL
26
star
68

lightproto

Protobuf compatible code generator
Java
26
star
69

splunk-app-twitter

Twitter application for Splunk
Python
25
star
70

splunk-library-dotnetlogging

Support for logging from .NET Tracing and ETW / Semantic Logging ApplicationBlock to Splunk.
C#
25
star
71

splunkrepl

An awesome little REPL for issuing SPLUNK queries
JavaScript
24
star
72

fluent-plugin-kubernetes-objects

This is the Fluentd input plugin which queries Kubernetes API to collect Kubernetes objects (like Nodes, Namespaces, Pods, etc.)
Ruby
23
star
73

splunk-ref-pas-code

Splunk Reference App - Pluggable Auditing System (PAS) - Code Repo
Python
22
star
74

vault-plugin-splunk

Vault plugin to securely manage Splunk admin accounts and password rotation
Go
22
star
75

splunk-sdk-php

Splunk Software Development Kit for PHP
PHP
22
star
76

splunk-heatwave-viz

A heatmap vizualization of bucketed ranged data over time.
JavaScript
21
star
77

pipelines

Concurrent processing pipelines in Go.
Go
21
star
78

splunk-gcp-functions

Python
20
star
79

PEAK

Security Content for the PEAK Threat Hunting Framework
Jupyter Notebook
20
star
80

splunk-tableau-wdc

Splunk Tableau Web Data Connector (WDC) Example
JavaScript
20
star
81

splunkforjenkins

Java
19
star
82

splunk-3D-graph-network-topology-viz

Plot relationships between objects with force directed graph based on ThreeJS/WebGL.
JavaScript
19
star
83

minecraft-app

Splunking Minecraft with the App Framework
JavaScript
19
star
84

splunk-add-on-jira-alerts

Splunk custom alert action for Atlassian JIRA
Python
19
star
85

terraform-provider-scp

Splunk Terraform Provider to manage config resources for Splunk Cloud Platform
Go
18
star
86

splunk-bunyan-logger

A Bunyan stream for Splunk's HTTP Event Collector
JavaScript
18
star
87

slack-alerts

Splunk custom alert action for sending messages to Slack channels
Python
18
star
88

public-o11y-docs

Splunk Observability Cloud docs
HTML
18
star
89

dashpub

Generate next.js apps to publish Splunk dashboards
JavaScript
18
star
90

vale-splunk-style-guide

Splunk Style Guide for the Vale linter
18
star
91

SA-ctf_scoreboard_admin

Python
18
star
92

acs-privateapps-demo

Demo of private-apps ci/cd integration into splunkcloud using the admin config service
Go
17
star
93

splunk-cloud-sdk-python

The Splunk Cloud SDK for Python, contains libraries for building apps for the Splunk Cloud Services Platform.
Python
17
star
94

fabric-logger

Logs blocks, transactions and events from Hyperledger Fabric to Splunk.
TypeScript
17
star
95

deep-learning-toolkit

Deep Learning Toolkit for Splunk
Python
15
star
96

k8s-yaml-patch

jsonnet library to patch objects loaded from yaml
Go
15
star
97

acs-cli

Admin Config Service CLI
15
star
98

TA-osquery

A Splunk technology add-on for osquery
14
star
99

ml-toolkit-docs

ML Toolkit & Showcase application documents
14
star
100

splunk-sdk-csharp

Splunk Software Development Kit for CSharp
C#
14
star