bpmcdevitt/splunk_local
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
a localized splunk instance for development/testing purposes in a docker container
2 commits 1 branch 0 tags 64 KiB
Python 100%
Find a file
bpmcdevitt ecb505f159 Add comprehensive log generators for realistic test data 
- Add four types of log generators: web access logs, syslog messages, JSON application logs, and HEC events
- Implement Docker Compose services with generators profile for easy activation
- Create Python scripts for realistic log generation with varied data patterns
- Update documentation in README.md and CLAUDE.md with usage instructions and generator details
- Support file-based log forwarding and direct HEC event submission for comprehensive testing scenarios

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-19 17:29:37 -05:00
config Initial commit: Add Docker Compose Splunk testing environment 2025-07-19 16:52:36 -05:00
generators Add comprehensive log generators for realistic test data 2025-07-19 17:29:37 -05:00
.env Initial commit: Add Docker Compose Splunk testing environment 2025-07-19 16:52:36 -05:00
.gitignore Initial commit: Add Docker Compose Splunk testing environment 2025-07-19 16:52:36 -05:00
CLAUDE.md Add comprehensive log generators for realistic test data 2025-07-19 17:29:37 -05:00
docker-compose.yml Add comprehensive log generators for realistic test data 2025-07-19 17:29:37 -05:00
README.md Add comprehensive log generators for realistic test data 2025-07-19 17:29:37 -05:00

README.md

Splunk Local Testing Environment

A Docker Compose setup for running a local Splunk instance with log generators for comprehensive testing and development.

Quick Start

  1. Start Splunk:

    docker-compose up -d

  2. Access Splunk Web UI:

  3. Stop Splunk:

    docker-compose down

Services

Splunk Enterprise

Universal Forwarder (Optional)

To enable the Universal Forwarder for testing log forwarding:

docker-compose --profile forwarder up -d

Log Generators (Optional)

To enable log generators for testing data ingestion:

docker-compose --profile generators up -d

Combined Setup

To run everything together (Splunk + forwarder + generators):

docker-compose --profile forwarder --profile generators up -d

Configuration

  • Default credentials: admin/admin123
  • HEC Token: 00000000-0000-0000-0000-000000000000
  • Configuration files: ./config/
  • Log directory: ./logs/

Data Persistence

Splunk data is persisted in Docker volumes:

  • splunk_etc: Splunk configuration
  • splunk_var: Splunk data and logs

To reset all data:

docker-compose down -v

Log Generators

The environment includes multiple log generators to create realistic test data:

Available Generators

  • Web Access Logs (log_generator_web): Apache-style access logs with realistic traffic patterns
  • Syslog Messages (log_generator_syslog): RFC3164 compliant system logs from various services
  • JSON Application Logs (log_generator_json): Structured application logs with user events, API calls, and metrics
  • HTTP Event Collector (log_generator_hec): Direct event submission to Splunk HEC endpoint

Log Output Locations

  • Web logs: ./logs/web_access.log
  • Syslog: ./logs/syslog.log
  • JSON logs: ./logs/application.json
  • HEC events: Sent directly to Splunk HEC

Adding New Generators

  1. Create your generator script in the ./generators/ directory
  2. Add a new service to docker-compose.yml under the generators profile
  3. Mount ./generators:/app and optionally ./logs:/var/log/app volumes
  4. Update this README with your new generator's details

The Universal Forwarder will automatically pick up and forward any new log files placed in the ./logs/ directory.