Splunk universal forwarder configuration

8/15/2023

```yaml
splunk:
  opt: /opt
  home: /opt/splunk
  user: splunk
  group: splunk
  exec: /opt/splunk/bin/splunk
  pid: /opt/splunk/var/run/splunk/splunkd.pid
  password: "<password>"
  svc_port: 8089
  s2s_port: 9997
  http_port: 8000
  hec:
    enable: True
    ssl: True
    port: 8088
    # hec.token is used only for ingestion (receiving Splunk events)
    token: <hec-token>
  smartstore: null
```

For instance, if you wish to take advantage of the ability to write conf files through the `conf` key, the full default.yml passed in will simply look like the following:

```bash
# URL option
$ docker run -d -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" \
    -e "SPLUNK_START_ARGS=--accept-license" \
    -e "SPLUNK_DEFAULTS_URL=<defaults-url>" \
    <image>
```

Additionally, note that you do not need to supply the full default.yml if you only choose to modify a portion of how Splunk Enterprise is configured upon boot.

```bash
# Volume-mounting option using --mount flag
$ docker run -d -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" \
    -e "SPLUNK_START_ARGS=--accept-license" \
    --mount type=bind,source="$(pwd)"/default.yml,target=/tmp/defaults/default.yml \
    <image>

# Volume-mounting option using --volume/-v flag
$ docker run -d -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" \
    -e "SPLUNK_START_ARGS=--accept-license" \
    -v "$(pwd)/default.yml:/tmp/defaults/default.yml" \
    <image>
```

Run the following command to generate a default.yml:

The image contains a script to enable dynamic generation of this file automatically. This is particularly important when deploying clustered Splunk topologies, as there are frequent variables that you need to be consistent across all members of the cluster (ex.

The purpose of the default.yml is to define a standard set of variables that controls how Splunk gets set up. Supported environment variables can be found in the splunk-ansible documentation. These configurations are consumed by an inventory script in the splunk-ansible project.

The Splunk Docker image has several functions that can be configured either by supplying a default.yml file or by passing in environment variables. This section covers in detail the features and functionality that a traditional Splunk Enterprise solution is capable of. Let’s dive into the nitty-gritty of how to tweak the setup of your containerized Splunk deployment.
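
Because a default.yml carries the admin password and the HEC token, it is worth linting before it is mounted or published at a defaults URL. The following is an added example, not code from the Splunk projects: it uses only the key names shown on this page, the sample file is constructed, and which settings count as findings is this example's own policy.

```python
import re

# Constructed sample in the shape of the default.yml on this page (values made up).
SAMPLE = """\
splunk:
  password: " "
  svc_port: 8089
  hec:
    enable: True
    ssl: False
    port: 8088
    # hec.token is used only for ingestion
    token:
  smartstore: null
"""

def flatten(text):
    """Flatten nested, space-indented mappings into {'a.b.c': 'value'}.
    Handles plain 'key: value' lines only (no lists, no inline comments)."""
    flat, stack = {}, []              # stack: (indent, key) of open parent mappings
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"^(\s*)([\w.-]+)\s*:\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()               # leave mappings that are not our ancestors
        path = ".".join([k for _, k in stack] + [key])
        if value == "":
            stack.append((indent, key))   # parent mapping, or an empty scalar
        flat[path] = value.strip("\"'").strip()
    return flat

def unset(value):
    """True for empty values, YAML null, or an unfilled <placeholder>."""
    return value in ("", "null") or value.startswith("<")

def audit(text):
    """Return findings for secrets left unset and HEC transport settings."""
    cfg, findings = flatten(text), []
    if unset(cfg.get("splunk.password", "")):
        findings.append("splunk.password is empty or a placeholder")
    if cfg.get("splunk.hec.enable", "").lower() == "true":
        if cfg.get("splunk.hec.ssl", "").lower() != "true":
            findings.append("splunk.hec.ssl is off while HEC is enabled")
        if unset(cfg.get("splunk.hec.token", "")):
            findings.append("splunk.hec.token is empty or a placeholder")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```
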