Using Splunk in Docker as a Test Environment: A Quick Guide

Start Basic Splunk Enterprise Environment

# most basic Splunk environment (note: -p 8000:8000 publishes Splunk Web on all host interfaces)
docker run -d -p 8000:8000 -e SPLUNK_START_ARGS='--accept-license' -e SPLUNK_PASSWORD='<password>' splunk/splunk:latest

Some Docker Basics

# get example commands
docker run -it splunk/splunk help

# list all running containers
docker ps

# stop a container
docker container stop <container_id>

# start a container
docker container start <container_id>

# enter container
docker exec -it <container_id> bash

App installation

  1. Install from Splunkbase in GUI
  2. Install from filesystem

     # copy app into container (assumes it was started with --name splunk; otherwise use the container ID from docker ps)
     docker cp myapp.tar.gz splunk:/opt/splunk/etc/apps/
        
     # install the app
     docker exec -it splunk /opt/splunk/bin/splunk install app /opt/splunk/etc/apps/myapp.tar.gz -auth admin:your-password
    
  3. Install on Docker Start

     # on startup
     docker run -d -p 8000:8000 -e SPLUNK_START_ARGS='--accept-license' \
         -e SPLUNK_PASSWORD='<password>' \
         -e SPLUNK_APPS_URL='https://splunkbase.splunk.com/app/2890/release/4.1.0/download' \
         -e SPLUNKBASE_USERNAME='<sb-username>' \
         -e SPLUNKBASE_PASSWORD='<sb-password>' \
         splunk/splunk:latest
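
The basic start command above, reworked as an added example (not from the original post): it names the container `splunk` so that the `docker cp` and `docker exec` commands in step 2 resolve, publishes Splunk Web on loopback only, passes the password through a 0600 env file, and waits for the image's health check. The file name `splunk.env`, the script name and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post.
# Assumed names: container "splunk", env file ./splunk.env.
NAME=splunk
ENV_FILE=./splunk.env

# Write the start-up variables to a 0600 env file instead of passing them
# with -e, so the password stays out of shell history and the host process
# list. It is still visible to anyone who can run `docker inspect`.
write_env_file() {
    local pw
    pw=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')   # 32 hex chars
    rm -f "$ENV_FILE"
    ( umask 077
      printf 'SPLUNK_START_ARGS=--accept-license\nSPLUNK_PASSWORD=%s\n' "$pw" > "$ENV_FILE" )
}

# Start a named container with Splunk Web reachable from this host only.
start_splunk() {
    docker run -d --name "$NAME" \
        -p 127.0.0.1:8000:8000 \
        --env-file "$ENV_FILE" \
        splunk/splunk:latest
}

# Poll the container's health status until it reports "healthy".
# Arguments: number of tries (default 60), delay in seconds (default 5).
wait_healthy() {
    local tries=${1:-60} delay=${2:-5} status
    while [ "$tries" -gt 0 ]; do
        status=$(docker inspect --format '{{.State.Health.Status}}' "$NAME" 2>/dev/null || true)
        [ "$status" = "healthy" ] && return 0
        tries=$((tries - 1))
        sleep "$delay"
    done
    echo "container $NAME not healthy (last status: ${status:-unknown})" >&2
    return 1
}

# Run the whole sequence only when invoked as: ./start-splunk.sh run
if [ "${1:-}" = "run" ]; then
    set -eu
    write_env_file
    start_splunk
    wait_healthy
    echo "Splunk Web: http://127.0.0.1:8000 (admin password is in $ENV_FILE)"
fi
```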
    

This post is licensed under CC BY 4.0 by the author.