Based on these Docker images:
- Install Docker version 1.10.0+
- Install Docker Compose version 1.6.0+
- Clone this repository
- Use `uuidgen` to generate a Splunk compatible HEC token:

  ```
  export SPLUNK_TOKEN=`uuidgen | tr '[:upper:]' '[:lower:]'`
  ```
- Add this token to the SPLUNK_TOKEN entry in the `.env`
- Configure a password for Splunk in the `.env`
- Add the SPLUNK_TOKEN to the inputs.conf using:

  ```
  sed -i "s/{{SPLUNK_TOKEN}}/$SPLUNK_TOKEN/g" splunk/splunk_httpinput/inputs.conf
  ```
- Run `docker-compose build` first to inject the environment variables from the `.env` and the updated `splunk/splunk_httpinput/inputs.conf`
- Start the stack in detached mode:

  ```
  $ docker-compose up -d
  ```

By default, the stack exposes the following ports:
- 5000: Syslog TCP input
- 8088: Splunk write_http Listener
- 8000: Splunk Frontend
- 25826: collectD input
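
A pre-flight check for the token steps above, to run as `check_hec_token .env splunk/splunk_httpinput/inputs.conf` before `docker-compose build`. This is an added example, not part of the repository. It assumes the `.env` holds a line of the form `SPLUNK_TOKEN=<value>` and that `inputs.conf` contains that value verbatim after the `sed` step; the function name, sample token and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): pre-flight check for the HEC token steps.
# Assumed: .env has a line SPLUNK_TOKEN=<value>, and inputs.conf contains that
# value verbatim once the sed substitution has run.

check_hec_token() {
    env_file=$1
    inputs_file=$2

    # Value of the SPLUNK_TOKEN entry (last one wins; quotes and CR stripped).
    token=$(sed -n 's/^SPLUNK_TOKEN=//p' "$env_file" 2>/dev/null | tail -n 1 | tr -d "\"'\r")
    if [ -z "$token" ]; then
        echo "FAIL: no SPLUNK_TOKEN entry in $env_file" >&2; return 1
    fi

    # Expected shape of `uuidgen | tr '[:upper:]' '[:lower:]'` output.
    if ! printf '%s\n' "$token" |
        grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'; then
        echo "FAIL: SPLUNK_TOKEN is not a lowercase UUID" >&2; return 2
    fi

    # The sed step must have replaced the placeholder.
    if grep -Fq '{{SPLUNK_TOKEN}}' "$inputs_file"; then
        echo "FAIL: {{SPLUNK_TOKEN}} placeholder still in $inputs_file" >&2; return 3
    fi

    # Both files must carry the same token.
    if ! grep -Fq -- "$token" "$inputs_file"; then
        echo "FAIL: token in $env_file not found in $inputs_file" >&2; return 4
    fi

    echo "OK: HEC token is consistent"
}

# Demo on constructed sample files (token and file layout are made up).
demo_dir=$(mktemp -d)
sample=0f8fad5b-d9cb-469f-a165-70867728950e
printf 'SPLUNK_TOKEN=%s\n' "$sample" > "$demo_dir/.env"
printf 'token = {{SPLUNK_TOKEN}}\n' > "$demo_dir/inputs.conf"
check_hec_token "$demo_dir/.env" "$demo_dir/inputs.conf" || echo "exit code: $?"
sed "s/{{SPLUNK_TOKEN}}/$sample/g" "$demo_dir/inputs.conf" > "$demo_dir/inputs.fixed"
check_hec_token "$demo_dir/.env" "$demo_dir/inputs.fixed"
rm -rf "$demo_dir"
```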