This repository contains materials used with the Interactive Workshop PLA1399 A Little Help With Splunk Configuration as given at .conf23, July 17-23 in Las Vegas.
During this workshop, Docker will be utilized to enable the execution of a basic, two-tier architecture, showcasing specific interactions between an indexer and a search head.
- Download and install Docker Desktop
- You'll likely need to register a Docker Hub account if you do not have one already
- If you're using MacOS 12.5 or above, you'll need to enable Docker to use the Virtualization Framework (Docker Settings > General)
- On Apple Silicon you'll also want Docker to use Rosetta (Docker Settings > Features in Development > Beta features)
- Before class, pre-fetch the container images that we're going to use. (If not pre-done, this will happen with step 4, and will make that take longer)
docker pull --platform linux/amd64 splunk/splunk:9.0.4.1(606.4 MB)docker pull busybox:latest(~2 MB)
- Clone / Export the latest version of this repository to a location that Docker is allowed to bind mount
- Your user's home directory usually is in this list by default
- Check Docker Desktop > Settings > Resources > File Sharing to see/modify this list
- From the root of this repository, start the containers:
docker compose up -d
- Consider joining the Splunk Community
- In particular if you're on Splunk Usergroups Slack, and have questions before the workshop, join us in the #buttercupfoods channel.
- If you're not on Splunk Usergroups Slack, request an invite at https://splk.it/slack.
- The latest version of "Admin's Little Helper for Splunk" can be found on Splunkbase
- First Scenario - Global Context
- Second Scenario - App/User Context
- Third Scenario - The Knowledge Bundle
- Fourth - A Little Helper
- Copyright 2023 Splunk, Inc.
- See the Splunk General Terms for more info