A localized Splunk instance for development/testing purposes in a Docker container
Set up complete local Splunk instance with:
- Splunk Enterprise container with web UI and HEC
- Optional Universal Forwarder for log forwarding
- Persistent volumes for data and configuration
- Development documentation and configuration files

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

Files:
- config
- .env
- .gitignore
- CLAUDE.md
- docker-compose.yml
- README.md

Splunk Local Testing Environment
A Docker Compose setup for running a local Splunk instance for testing and development purposes.
Quick Start
- Start Splunk:
  docker-compose up -d
- Access Splunk Web UI:
  - URL: http://localhost:8000
  - Username: admin
  - Password: admin123
- Stop Splunk:
  docker-compose down
Services
Splunk Enterprise
- Web UI: http://localhost:8000
- HEC Endpoint: http://localhost:8088
- Management Port: 8089
- Splunk2Splunk: 9997
- Syslog: 514/udp
Universal Forwarder (Optional)
To enable the Universal Forwarder for testing log forwarding:
docker-compose --profile forwarder up -d
Configuration
- Default credentials: admin/admin123
- HEC Token: 00000000-0000-0000-0000-000000000000
- Configuration files: ./config/
- Log directory: ./logs/
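
Because the admin password and HEC token above are fixed, published values, a useful check after starting the stack is whether any port listed under Services is published on a non-loopback address. The script below is an added example, not part of the repository: it parses `docker port` output, the sample input is constructed, and the container name passed to `check_container` is an assumption because the page does not name the container.

```shell
#!/usr/bin/env bash
# Added example (not from the repository): list lab ports published beyond loopback.

# Ports named in the Services section of this README.
LAB_PORTS="8000/tcp 8088/tcp 8089/tcp 9997/tcp 514/udp"

# Reads `docker port <container>` output on stdin, e.g. "8000/tcp -> 0.0.0.0:8000",
# and prints "<port/proto> <host address>" for each non-loopback binding.
exposed_bindings() {
  awk -v ports="$LAB_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) lab[p[i]] = 1 }
    $2 == "->" && ($1 in lab) {
      addr = $3
      sub(/:[0-9]+$/, "", addr)   # drop the trailing :host_port
      sub(/^\[/, "", addr)        # unwrap bracketed IPv6, e.g. [::]
      sub(/\]$/, "", addr)
      if (addr !~ /^127\./ && addr != "::1") print $1, addr
    }'
}

# Runs the check against a live container; returns 1 if anything is exposed.
# Assumption: the caller supplies the container name (the page does not state it).
check_container() {
  bindings="$(docker port "$1" | exposed_bindings)"
  if [ -n "$bindings" ]; then
    echo "Published beyond localhost while default credentials and HEC token are in use:"
    echo "$bindings"
    return 1
  fi
  echo "All published lab ports are bound to loopback."
}

# Constructed sample of `docker port` output, so the script runs offline.
SAMPLE_PORT_OUTPUT='8000/tcp -> 127.0.0.1:8000
8088/tcp -> 0.0.0.0:8088
8088/tcp -> [::]:8088
8089/tcp -> 127.0.0.1:8089
514/udp -> 0.0.0.0:514'

printf '%s\n' "$SAMPLE_PORT_OUTPUT" | exposed_bindings
```

Against a running stack, call `check_container <container-name>`; a non-zero exit status means at least one listed port is reachable from other hosts.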
Data Persistence
Splunk data is persisted in Docker volumes:
- splunk_etc: Splunk configuration
- splunk_var: Splunk data and logs
To reset all data:
docker-compose down -v