
splunk/universalforwarder Docker image

 3 years ago
source link: https://hub.docker.com/r/splunk/universalforwarder


## Splunk Universal Forwarder in Docker!

Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.

In particular, the universal forwarder is a lightweight component that can be used as a sidecar or load-balanced pool to collect and send data to an external Splunk environment. Please refer to Splunk products for more knowledge about the features and capabilities of Splunk, and how you can bring it into your organization.

Table of Contents

  1. Prerequisites
  2. Quickstart
  3. Documentation
  4. Help and Support

Prerequisites

At the current time, this image only supports the Docker runtime engine and requires the following system prerequisites:

  1. Linux-based operating system (Debian, CentOS, etc.)
  2. Chipset:
    • splunk/splunk image supports x86-64 chipsets
    • splunk/universalforwarder image supports both x86-64 and s390x chipsets
  3. Kernel version > 4.0
  4. Docker engine
    • Docker Enterprise Engine 17.06.2 or later
    • Docker Community Engine 17.06.2 or later
  5. overlay2 Docker daemon storage driver

For more details, please see the official supported architectures and platforms for containerized Splunk environments as well as hardware and capacity recommendations.

Quickstart

Download the universal forwarder image to your local Docker engine:

$ docker pull splunk/universalforwarder:latest

Use the following command to start a single instance of the Splunk Universal Forwarder:

$ docker run -d -p 9997:9997 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=<password>" --name uf splunk/universalforwarder:latest

Let's break down what this command does:

  1. Start a detached Docker container using the splunk/universalforwarder:latest image.
  2. Expose a port mapping from the host's 9997 to the container's 9997.
  3. Specify a custom SPLUNK_PASSWORD. Be sure to replace <password> with any string that conforms to the Splunk Enterprise password requirements.
  4. Accept the license agreement with SPLUNK_START_ARGS=--accept-license. This must be explicitly accepted on every splunk/universalforwarder container, otherwise Splunk will not start.

The Splunk Universal Forwarder, however, does not have a GUI, so you will not be able to access it through a web interface. Instead, you can access the container directly by using the docker exec command. After the container enters the "healthy" state, run the following:

$ docker exec -it -u splunk uf /bin/bash -c "/opt/splunkforwarder/bin/splunk status"
splunkd is running (PID: 575).
splunk helpers are running (PIDs: 577).
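
The quickstart command above puts SPLUNK_PASSWORD on the command line, where it ends up in shell history and the process list. The script below is an added example, not part of the image's documentation: it passes the same two variables through a permission-checked `--env-file` and waits for the "healthy" state before running the status command. The function names, the env file path and the timeout and poll values are assumptions.

```shell
#!/bin/sh
# Added example, not from the image's documentation. Function names, the env
# file path and the timeout/poll values are assumptions.
# The env file carries the same two variables as the quickstart command:
#   SPLUNK_START_ARGS=--accept-license
#   SPLUNK_PASSWORD=<password>

# Refuse an env file that group or other users can read.
check_env_file() {
  local f="$1" mode
  [ -f "$f" ] || { echo "missing env file: $f" >&2; return 1; }
  mode=$(stat -c '%a' "$f") || return 1
  case "$mode" in
    600|400) return 0 ;;
    *) echo "$f has mode $mode, expected 600 or 400" >&2; return 1 ;;
  esac
}

# Poll the container health check: 0 on "healthy", 1 on "unhealthy" or timeout.
wait_healthy() {
  local name="$1" timeout="${2:-300}" step="${POLL_INTERVAL:-5}" waited=0 status
  while [ "$waited" -lt "$timeout" ]; do
    status=$(docker inspect --format '{{.State.Health.Status}}' "$name" 2>/dev/null) \
      || status=missing
    case "$status" in
      healthy) return 0 ;;
      unhealthy) echo "$name reported unhealthy" >&2; return 1 ;;
    esac
    sleep "$step"
    waited=$((waited + step))
  done
  echo "timed out after ${timeout}s waiting for $name" >&2
  return 1
}

# Start the forwarder as in the quickstart, wait, then print its status.
start_uf() {
  check_env_file "$1" || return 1
  docker run -d -p 9997:9997 --env-file "$1" --name uf \
    splunk/universalforwarder:latest >/dev/null || return 1
  wait_healthy uf 300 || return 1
  # No -it here: a script has no terminal to attach.
  docker exec -u splunk uf /bin/bash -c "/opt/splunkforwarder/bin/splunk status"
}

# Run only when an env file path is given, e.g.: sh start-uf.sh ./uf.env
if [ "$#" -gt 0 ]; then start_uf "$1"; fi
```

Environment variables set this way remain visible to anyone who can run `docker inspect` on the container, so access to the Docker daemon still needs to be restricted.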

Documentation

Please see the official documentation on configuring the Universal Forwarder in the Splunk Forwarder Manual for more information on setup.

For full usage instructions (including examples, advanced deployments, scenarios), please visit the docker-splunk documentation page.

Help and Support

To learn more about support for running Splunk in containers, please see the [support guidelines](https://splunk.github.io/docker-splunk/SUPPORT.html).

Additionally, if you run into any issues or have any questions, you can:

