Splunk is a platform that lets us look into huge sets of data generated by several sources.

The official image is available at https://hub.docker.com/r/splunk/splunk/.

This is a ready-to-use docker-compose file to deploy Splunk wherever you want.

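version: '3'

services:
  splunkapp:
    hostname: splunkapp
    image: splunk/splunk:latest
    environment:
      SPLUNK_PASSWORD: ${RANDOMPASS}
      SPLUNK_START_ARGS: --accept-license
      SPLUNK_ENABLE_LISTEN: 9997
      SPLUNK_ADD: tcp 1514
    # Named volumes replace the busybox data container: volumes_from is not
    # part of the version 3 file format.
    volumes:
      - "splunk-etc:/opt/splunk/etc"
      - "splunk-var:/opt/splunk/var"
    ports:
      - "8000:8000"   # Splunk Web
      - "9997:9997"   # forwarder receiving
      - "8088:8088"   # HTTP Event Collector
      - "1514:1514"   # TCP input added by SPLUNK_ADD

volumes:
  splunk-etc:
  splunk-var: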

Feel free to copy or clone it from -> https://github.com/immontilla/splunk

If you decide to copy it, you will need to assign a password to an environment variable named RANDOMPASS.

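On a UNIX-based system, you can issue this command, which draws 24 bytes from /dev/urandom and base64-encodes them into a 32-character password (a value derived from the current time would be guessable):

export RANDOMPASS=$(head -c 24 /dev/urandom | base64)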

Do not forget to note its value, because you will need it to log in at http://localhost:8000/ as the admin user.
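
A variant that takes the password from /dev/urandom and stores it in a .env file, which docker-compose reads for ${RANDOMPASS} substitution when run from that directory. This is an added example, not part of the original post or the linked repository; the function names and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: provision RANDOMPASS for docker-compose from the kernel CSPRNG.
# Function names are hypothetical; .env is docker-compose's default
# variable-substitution file.

# Print a 32-character password: 24 random bytes, base64-encoded (no padding).
gen_splunk_pass() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# Write RANDOMPASS into DIR/.env, readable by the owner only.
# Refuses to overwrite an existing file so a password you already noted
# is not silently replaced.
write_env_file() {
    dir=${1:-.}
    envfile="$dir/.env"
    if [ -e "$envfile" ]; then
        echo "refusing to overwrite $envfile" >&2
        return 1
    fi
    pass=$(gen_splunk_pass)
    # A short read must not end up as a weak password.
    [ "${#pass}" -eq 32 ] || { echo "password generation failed" >&2; return 1; }
    (
        umask 077    # the file is created with mode 0600
        printf 'RANDOMPASS=%s\n' "$pass" > "$envfile"
    )
}

# Usage: sh splunk-env.sh /path/to/compose/project
if [ "$#" -gt 0 ]; then
    write_env_file "$1"
fi
```

With the file in place there is no need to export the variable in the shell, so the password does not end up in shell history or in the environment of unrelated processes.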