{"id":27334903,"url":"https://github.com/dmuth/splunk-lab","last_synced_at":"2025-04-12T14:46:37.103Z","repository":{"id":44415156,"uuid":"145244853","full_name":"dmuth/splunk-lab","owner":"dmuth","description":"Learn Splunk by creating a lab instance in seconds.  Includes Eventgen and Splunk's Machine Learning app!","archived":false,"fork":false,"pushed_at":"2024-02-13T23:49:17.000Z","size":2313,"stargazers_count":79,"open_issues_count":3,"forks_count":15,"subscribers_count":8,"default_branch":"main","last_synced_at":"2024-05-02T06:07:40.110Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.dmuth.org/introducing-splunk-lab/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dmuth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null},"funding":{"github":"dmuth"}},"created_at":"2018-08-18T18:50:19.000Z","updated_at":"2024-04-23T13:11:15.000Z","dependencies_parsed_at":"2023-11-08T06:49:06.219Z","dependency_job_id":"6be277d1-40ab-4204-a904-afb09f9d84b7","html_url":"https://github.com/dmuth/splunk-lab","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmuth%2Fsplunk-lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmuth%2Fsplunk-lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmuth%2Fsplunk-lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmuth%2Fsplunk-lab/manifests","owner_url":"ht
tps://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dmuth","download_url":"https://codeload.github.com/dmuth/splunk-lab/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248585249,"owners_count":21128974,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-12T14:46:36.367Z","updated_at":"2025-04-12T14:46:37.092Z","avatar_url":"https://github.com/dmuth.png","language":"Shell","funding_links":["https://github.com/sponsors/dmuth"],"categories":[],"sub_categories":[],"readme":"\n\u003cimg src=\"img/splunk-lab.png\" width=\"250\" align=\"right\" /\u003e\n\n# Splunk Lab\n\nThis project lets you stand up a Splunk instance in Docker on a quick and dirty basis.\n\nBut what is Splunk?  \u003ca href=\"https://www.splunk.com/\"\u003eSplunk\u003c/a\u003e is a platform for big data collection and analytics.  You feed your events from syslog, webserver logs, or application logs into Splunk, and can use queries to extract meaningful insights from that data.\n\n\n## Quick Start!\n\nPaste either of these on the command line:\n\n`bash \u003c(curl -s https://raw.githubusercontent.com/dmuth/splunk-lab/master/go.sh)`\n\n`bash \u003c(curl -Ls https://bit.ly/splunklab)`\n\n...and the script will print up what directory it will ingest logs from, your password, etc.  Follow the on-screen\ninstructions for setting environment variables and you'll be up and running in no time!  
Whatever logs you had sitting in your `logs/` directory will be searchable in Splunk with the search `index=main`.\n\nIf you want to see neat things you can do in Splunk Lab, check out \u003ca href=\"#cookbook\"\u003ethe Cookbook section\u003c/a\u003e.\n\nAlso, the script will create a directory called `bin/` with some helper scripts in it.  Be sure to check them out!\n\n\n### Useful links after starting\n\n- [https://localhost:8000/](https://localhost:8000/) - Default port to log into the local instance.  Username is `admin`, password is what was set when starting Splunk Lab.\n- [Splunk Dashboard Examples](https://localhost:8000/en-US/app/simple_xml_examples/contents) - Wanna see what you can do with Splunk?  Here are some example dashboards.\n\n\n## Features\n\n- App dashboards can be stored in the local filesystem (they don't disappear when the container exits)\n- Ingested data can be stored in the local filesystem\n- Multiple REST and RSS endpoints \"built in\" to provide sources of data ingestion \n- Integration with \u003ca href=\"https://www.baboonbones.com/#activation\"\u003eREST API Modular Input\u003c/a\u003e\n- Splunk Machine Learning Toolkit included\n- `/etc/hosts` can be appended to with local ip/hostname entries\n- Ships with Eventgen to populate your index with fake webserver events for testing.\n\n\n## Screenshots\n\nThese are screenshots with actual data from production apps which I built on top of Splunk Lab:\n\n\u003ca href=\"img/bella-italia.png\"\u003e\n\u003cimg src=\"img/bella-italia.png\" width=\"250\" /\u003e\u003c/a\u003e\n\u003ca href=\"img/facebook-glassdoor.png\"\u003e\n\u003cimg src=\"img/facebook-glassdoor.png\" width=\"250\" /\u003e\u003c/a\u003e\n\u003ca href=\"img/pa-furry-stats.jpg\"\u003e\n\u003cimg src=\"img/pa-furry-stats.jpg\" width=\"250\" /\u003e\u003c/a\u003e\n\u003ca href=\"img/network-huge-outage.png\"\u003e\n\u003cimg src=\"img/network-huge-outage.png\" width=\"250\" /\u003e\u003c/a\u003e\n\u003ca 
href=\"img/fitbit-sleep-dashboard.png\"\u003e\n\u003cimg src=\"img/fitbit-sleep-dashboard.png\" width=\"250\" /\u003e\u003c/a\u003e\n\u003ca href=\"img/snepchat-tag-cloud.jpg\"\u003e\n\u003cimg src=\"img/snepchat-tag-cloud.jpg\" width=\"250\" /\u003e\u003c/a\u003e\n\n\n\u003ca name=\"cookbook\"\u003e\u003c/a\u003e\n## Splunk Lab Cookbook\n\nWhat can you do with Splunk Lab?  Here are a few examples of ways you can use Splunk Lab:\n\n### Ingest some logs for viewing, searching, and analysis\n\n- Drop your logs into the `logs/` directory.\n- `bash \u003c(curl -Ls https://bit.ly/splunklab)`\n- Go to https://localhost:8000/\n- Ingested data will be written to `data/` which will persist between runs.\n\n### Ingest some logs for viewing, searching, and analysis but DON'T keep ingested data between runs\n\n- `SPLUNK_DATA=no bash \u003c(curl -Ls https://bit.ly/splunklab)`\n- Note that `data/` will not be written to and launching a new container will cause `logs/` to be indexed again.\n   - This will increase ingestion rate on Docker for OS/X, as there are some issues with the filesystem driver in OS/X Docker.\n\n### Play around with synthetic webserver data\n\n- `SPLUNK_EVENTGEN=1 bash \u003c(curl -Ls https://bit.ly/splunklab)`\n- Fake webserver logs will be written every 10 seconds and can be viewed with the query `index=main sourcetype=nginx`.  The logs are based on actual HTTP requests which have come into the \u003ca href=\"https://www.dmuth.org/\"\u003ewebserver hosting my blog\u003c/a\u003e.\n \n### Adding Hostnames into /etc/hosts\n\n- Edit a local hosts file\n- `ETC_HOSTS=./hosts bash \u003c(curl -Ls https://bit.ly/splunklab)`\n- This can be used in conjunction with something like \u003ca href=\"https://github.com/dmuth/splunk-network-health-check\"\u003eSplunk Network Monitor\u003c/a\u003e to ping hosts that don't have DNS names, such as your home's webcam. 
:-)\n\n### Get the Docker command line for any of the above\n\n- Run any of the above with `PRINT_DOCKER_CMD=1` set, and the Docker command line that's used will be written to stdout.\n\n### Run Splunk Lab in Development Mode with a bash Shell\n\nThis would normally be done with the script `./bin/devel.sh` when running from the repo, \nbut if you're running Splunk Lab just with the Docker image, here's how to do it:\n\n`docker run -p 8000:8000 -e SPLUNK_PASSWORD=password1 -v $(pwd)/data:/data -v $(pwd)/logs:/logs --name splunk-lab --rm -it -v $(pwd):/mnt -e SPLUNK_DEVEL=1 dmuth1/splunk-lab bash`\n\nThis is useful mainly if you want to poke around in Splunk Lab while it's running.  Note that you \ncould always just run `docker exec splunk-lab bash` instead of doing all of the above. :-)\n\n\n## Splunk Apps Included\n\nThe following Splunk apps are included in this Docker image:\n\n- \u003ca href=\"https://splunkbase.splunk.com/app/1924\"\u003eEventgen\u003c/a\u003e\n- \u003ca href=\"https://splunkbase.splunk.com/app/1603/\"\u003eSplunk Dashboard Examples\u003c/a\u003e\n\u003c!--\n- \u003ca href=\"https://splunkbase.splunk.com/app/2646/\"\u003eSyndication Input\u003c/a\u003e\n--\u003e\n- \u003ca href=\"https://splunkbase.splunk.com/app/1546/\"\u003eREST API Modular Input\u003c/a\u003e (requires registration)\n- \u003ca href=\"https://splunkbase.splunk.com/app/3212/\"\u003eWordcloud Custom Visualization\u003c/a\u003e\n- \u003ca href=\"https://splunkbase.splunk.com/app/2878/\"\u003eSlack Notification Alert\u003c/a\u003e\n- \u003ca href=\"https://splunkbase.splunk.com/app/2890/\"\u003eSplunk Machine Learning Toolkit\u003c/a\u003e\n   - \u003ca href=\"https://splunkbase.splunk.com/app/2882/\"\u003ePython for Scientific Computing (for Linux 64-bit)\u003c/a\u003e\n   - \u003ca href=\"https://splunkbase.splunk.com/app/4066/\"\u003eNLP Text Analytics\u003c/a\u003e\n   - \u003ca href=\"https://splunkbase.splunk.com/app/3514/\"\u003eHalo - Custom Visualization\u003c/a\u003e\n  
 - \u003ca href=\"https://splunkbase.splunk.com/app/3112/\"\u003eSankey Diagram - Custom Visualization\u003c/a\u003e\n\n\nAll apps are covered under their own license.  Please check \u003ca href=\"vendor/README.md\"\u003ethe Apps page\u003c/a\u003e\nfor more info.\n\nSplunk has its own license.  Please abide by it.\n\n\n## Free Sources of Data\n\nI put together this curated list of free sources of data which can be pulled into Splunk\nvia one of the included apps:\n\n- RSS\n   - \u003ca href=\"https://answers.splunk.com/feed/questions.rss\"\u003eRecent questions posted to Splunk Answers\u003c/a\u003e\n   - \u003ca href=\"http://www.cnn.com/services/rss/\"\u003eCNN RSS feeds\u003c/a\u003e\n   - \u003ca href=\"https://www.flickr.com/services/feeds/docs/photos_public/\"\u003eFlickr's Public feed\u003c/a\u003e\n      - \u003ca href=\"https://api.flickr.com/services/feeds/photos_public.gne\"\u003ePublic Photos\u003c/a\u003e\n      - \u003ca href=\"https://api.flickr.com/services/feeds/photos_public.gne?tags=cheetah\"\u003ePublic photos tagged \"cheetah\"\u003c/a\u003e\n- REST (you will need to set `$REST_KEY` when starting Splunk Lab)\n   - Non-streaming\n      - \u003ca href=\"http://www3.septa.org/hackathon/\"\u003ePhiladelphia Public Transit API\u003c/a\u003e\n         - \u003ca href=\"http://www3.septa.org/hackathon/TrainView/\"\u003eRegional Rail Train Data\u003c/a\u003e\n      - \u003ca href=\"https://developers.coinbase.com/docs/wallet/guides/price-data\"\u003eCoinbase API\u003c/a\u003e\n      - \u003ca href=\"https://www.weather.gov/documentation/services-web-api\"\u003eNational Weather Service\u003c/a\u003e\n      - \u003ca href=\"https://api.weather.gov/gridpoints/PHI/49,75/forecast\"\u003ePhiladelphia Forecast\u003c/a\u003e\n      - \u003ca href=\"https://api.weather.gov/gridpoints/PHI/49,75/forecast/hourly\"\u003ePhiladelphia Hourly Forecast\u003c/a\u003e\n      - \u003ca href=\"https://www.alphavantage.co/\"\u003eAlpha Vantage\u003c/a\u003e - Free stock 
quotes\n   - Streaming\n      - \u003ca href=\"https://www.meetup.com/meetup_api/docs/stream/2/rsvps/\"\u003eMeetup RSVPs\u003c/a\u003e\n      - \u003ca href=\"http://stream.meetup.com/2/rsvps\"\u003eRSVP Endpoint\u003c/a\u003e\n\n\n## Apps Built With Splunk Lab\n\nSince building Splunk Lab, I have used it as the basis for building other projects:\n\n- \u003ca href=\"https://github.com/dmuth/SeptaStats/tree/master\"\u003eSEPTA Stats\u003c/a\u003e\n   - Website with real-time stats on \u003ca href=\"http://www.septa.org/service/rail/\"\u003ePhiladelphia Regional Rail\u003c/a\u003e.\n   - Pulled down over 60 million train data points over 4 years using Splunk.\n- \u003ca href=\"https://github.com/twintproject/twint-splunk\"\u003eSplunk Twint\u003c/a\u003e\n   - Splunk dashboards for Twitter timelines downloaded by Twint.  This is now a part of the \u003ca href=\"https://github.com/twintproject\"\u003eTWINT Project\u003c/a\u003e.\n- \u003ca href=\"https://github.com/dmuth/splunk-yelp-reviews\"\u003eSplunk Yelp Reviews\u003c/a\u003e\n   - This project lets you pull down Yelp reviews for venues and view visualizations and wordclouds of positive/negative reviews in a Splunk dashboard.\n- \u003ca href=\"https://github.com/dmuth/splunk-glassdoor\"\u003eSplunk Glassdoor Reviews\u003c/a\u003e\n   - Similar to Splunk Yelp, this project lets you pull down company reviews from Glassdoor and Splunk them\n- \u003ca href=\"https://github.com/dmuth/splunk-telegram\"\u003eSplunk Telegram\u003c/a\u003e\n   - This app lets you run Splunk against messages from Telegram groups and generate graphs and word clouds based on the activity in them.\n- \u003ca href=\"https://github.com/dmuth/splunk-network-health-check\"\u003eSplunk Network Health Check\u003c/a\u003e\n   - Pings 1 or more hosts and graphs the results in Splunk so you can monitor network connectivity over time.\n- \u003ca href=\"https://github.com/dmuth/splunk-fitbit\"\u003eSplunk Fitbit\u003c/a\u003e\n   - Analyzes data from your 
Fitbit\n- \u003ca href=\"https://github.com/dmuth/splunk-aws-s3-server-accesslogs\"\u003eSplunk for AWS S3 Server Access Logs\u003c/a\u003e\n   - App to analyze AWS S3 Access Logs\n\n\nHere's all of the above, presented as a graph:\n\n\u003cimg src=\"img/app-tree.png\" width=\"500\" /\u003e\n\n\n## Building Your Own Apps Based on Splunk Lab\n\nA sample app (and instructions on how to use it) are in the \n\u003ca href=\"sample-app/\"\u003esample-app directory\u003c/a\u003e.  \nFeel free to expand on that app for your own apps.\n\n\n## A Word About Security\n\nHTTPS is turned on by default.  Passwords such as `password` and \u003ca href=\"https://www.youtube.com/watch?v=a6iW-8xPw3k\"\u003e12345\u003c/a\u003e are not permitted.\n\nPlease, for the love of god, \u003ca href=\"https://diceware.dmuth.org/\"\u003euse a strong password\u003c/a\u003e if you are deploying\nthis on a public-facing machine.\n\n\n## FAQ\n\n### How do I get a valid SSL cert on localhost?\n\nYes, you can! \n\nFirst, install \u003ca href=\"https://github.com/FiloSottile/mkcert\"\u003emkcert\u003c/a\u003e and then run `mkcert -install \u0026\u0026 mkcert localhost 127.0.0.1 ::1` to generate a local CA and a cert/key combo for localhost.\n\nThen, when you run Splunk Lab, set the environment variables `SSL_KEY` and `SSL_CERT` and those files will be pulled into Splunk Lab.\n\nExample: `SSL_KEY=./localhost.key SSL_CERT=./localhost.pem ./go.sh`\n\n\n### How do I get this to work in Vagrant?\n\nTL;DR If you're on a Mac, use \u003ca href=\"https://orbstack.dev/\"\u003eOrbStack\u003c/a\u003e.\n\nIf you're running \u003ca href=\"https://github.com/dmuth/docker-in-vagrant\"\u003eDocker in Vagrant\u003c/a\u003e, or just plain Vagrant, you'll run into issues because Splunk does some low-level stuff with its Vagrant directory that will result in errors in `splunkd.log` that look like this:\n\n```\n11-15-2022 01:45:31.042 +0000 ERROR StreamGroup [217 IndexerTPoolWorker-0] - failed to drain remainder total_sz=24 
bytes_freed=7977 avg_bytes_per_iv=332 sth=0x7fb586dfdba0: [1668476729, /opt/splunk/var/lib/splunk/_internaldb/db/hot_v1_1, 0x7fb587f7e840] reason=st_sync failed rc=-6 warm_rc=[-35,1]\n```\n\nTo work around this, disable sharing of Splunk's data directory by setting `SPLUNK_DATA=no`, like this:\n\n`SPLUNK_DATA=no SPLUNK_EVENTGEN=yes ./go.sh`\n\nBy doing this, any data ingested into Splunk will not persist between runs.  But to be fair, Splunk Lab is meant for development usage of Splunk, not long-term usage.\n\n\n### Does this work on Macs?\n\nSure does!  I built this on a Mac. :-)\n\nFor best results, run under \u003ca href=\"https://orbstack.dev/\"\u003eOrbStack\u003c/a\u003e.\n\n\n## Development\n\nI wrote a series of helper scripts in `bin/` to make the process easier:\n\n- `./bin/download.sh` - Download tarballs of various apps and splits some of them into chunks\n  - If downloading a new version of Splunk, edit `bin/lib.sh` and bump the `SPLUNK_VERSION` and `SPLUNK_BUILD` variables.\n- `./bin/build.sh [ --force ]` - Build the containers.\n   - Note that this downloads packages from an AWS S3 bucket that I created.  This bucket is set to \"requestor pays\", so you'll need to make sure the `aws` CLI app is set up.\n   - If you are (re)building Splunk Lab, you'll want to use `--force`.\n- `./bin/upload-file-to-s3.sh` - Upload a specific file to S3.  For rolling out new versions of apps\n- `./bin/devel.sh` - Build and tag the container, then start it with an interactive bash shell.\n   - This is a wrapper for the above-mentioned `go.sh` script. Any environment variables that work there will work here.\n   - **To force rebuilding a container during development** touch the associated Dockerfile in `docker/`.  E.g. 
`touch docker/1-splunk-lab` to rebuild the contents of that container.\n- `./bin/push.sh` - Tag and push the container.\n- `./bin/create-1-million-events.py` - Create 1 million events in the file `1-million-events.txt` in the current directory.\n   - If not in `logs/` but reachable from the Docker container, the file can then be oneshotted into Splunk with the following command: `/opt/splunk/bin/splunk add oneshot ./1-million-events.txt -index main -sourcetype oneshot-0001`\n- `./bin/kill.sh` - Kill a running `splunk-lab` container.\n- `./bin/attach.sh` - Attach to a running `splunk-lab` container.\n- `./bin/clean.sh` - Remove `logs/` and/or `data/` directories.\n- `./bin/tarsplit` - Local copy of my package from https://github.com/dmuth/tarsplit\n\n\n### Building a New Version of Splunk\n\n- Bump version number and build number in `bin/lib.sh`\n- Run `./bin/build.sh`, use `--force` if necessary\n  - This can take several MINUTES, especially if no apps are cached locally\n- Run `SPLUNK_EVENTGEN=yes SPLUNK_ML=yes ./bin/devel.sh` \n  - This will build and tag the container, and spawn an interactive shell\n  - Run `/opt/splunk/bin/splunk version` inside the container to verify the version number\n- Go to \u003ca href=\"https://localhost:8000/\"\u003ehttps://localhost:8000/\u003c/a\u003e and verify you can log into Splunk\n  - Run the query `index=main earliest=-1d` and verify Eventgen events are coming in\n  - Go to \u003ca href=\"https://localhost:8000/en-US/app/Splunk_ML_Toolkit/contents\"\u003ehttps://localhost:8000/en-US/app/Splunk_ML_Toolkit/contents\u003c/a\u003e and verify that the ML Toolkit has been installed.\n- Type `exit` in the shell to shut down the server\n- Run `./bin/push.sh` to deploy the image.  This will take awhile.\n\n\n### Building Container Internals\n\n- Here's the layout of the `cache/` directory\n   - `cache/` - Where tarballs for Splunk and its apps hang out.  
These are downloaded when `bin/download.sh` is run for the first time.\n   - `cache/deploy/` - When creating a specific Docker image, files are copied here so the Dockerfile can ingest them.  (Or rather hardlinked to the files in the parent directory.)\n   - `cache/build/` - 0-byte files are written here when a specific container is built, and on future builds, the age of that file is checked against the Dockerfile.  If the Dockerfile is newer, then the container is (re-)built.  Otherwise, it is skipped.  This shortens a run of `bin/devel.sh` where no containers need to be built from 12 seconds on my 2020 iMac to 0.2 seconds.\n\n\n### A word on default/ and local/ directories\n\nI had to struggle with this for awhile, so I'm mostly documenting it here.\n\nWhen in devel mode, `/opt/splunk/etc/apps/splunk-lab/` is mounted to `./splunk-lab-app/` via `go.sh`\nand the entrypoint script inside of the container symlinks `local/` to `default/`.\nThis way, any changes that are made to dashboards will be propagated outside of\nthe container and can be checked in to Git.\n\nWhen in production mode (e.g. running `./go.sh` directly), no symlink is created,\ninstead `local/` is mounted by whatever `$SPLUNK_APP` is pointing to (default is `app/`), so that any\nchanges made by the user will show up on their host, with Splunk Lab's `default/`\ndirectory being untouched.\n\n\n## Additional Reading\n\n- \u003ca href=\"https://github.com/dmuth/splunk-network-health-check\"\u003eSplunk Network Health Check\u003c/a\u003e\n\n\n## Notes/Bugs\n\n- The Docker containers are **dmuth1/splunk-lab** and **dmuth1/splunk-lab-ml**.  The latter has all of the Machine Learning apps built in to the image.  Feel free to extend those for your own projects.\n- If I run `./bin/create-test-logfiles.sh 10000` and then start Splunk Lab on a Mac, all of the files will be Indexed without any major issues, but then the CPU will spin, and not from Splunk. 
\n   - The root cause is that the filesystem code for Docker volume mappings on OS/X's Docker implementation is VERY inefficient in terms of both CPU and memory usage, especially when there are 10,000 files involved.  The overhead is just crazy.  When reading events from a directory mounted through Docker, I see about 100 events/sec.  When the directory is local to the container, I see about 1,000 events/sec, for a 10x difference.\n- The HTTPS cert is self-signed with Splunk's own CA.  If you're tired of seeing a Certificate Error every time you try connecting to Splunk, you can follow the instructions at https://stackoverflow.com/a/31900210/196073 to allow self-signed certificates for `localhost` in Google Chrome.\n   - Please understand the implications before you do this.\n\n\n## Credits\n\n- \u003ca href=\"https://github.com/mhassan2/splunk-n-box\"\u003eSplunk N' Box\u003c/a\u003e - Splunk N' Box is used to create entire Splunk clusters in Docker.  It was the first actual use of Splunk I saw in Docker, and gave me the idea that hey, maybe I could run a stand-alone Splunk instance in Docker for ad-hoc data analysis!\n- \u003ca href=\"http://www.splunk.com/\"\u003eSplunk\u003c/a\u003e, for having such a fantastic product which is also a great example of Operational Excellence!\n- \u003ca href=\"https://splunkbase.splunk.com/app/1924\"\u003eEventgen\u003c/a\u003e is a super cool way of generating simulated real data that can be used to generate dashboards for testing and training purposes.\n- \u003ca href=\"http://patorjk.com/software/taag/#p=display\u0026h=0\u0026v=0\u0026f=Standard\u0026t=Splunk%20Lab\"\u003eThis text to ASCII art generator\u003c/a\u003e, for the logo I used in the script.\n- The logo was made over at \u003ca href=\"https://www.freelogodesign.org/\"\u003ehttps://www.freelogodesign.org/\u003c/a\u003e\n- \u003ca href=\"https://liw.fi/readme-review/\"\u003eLars Wirzenius\u003c/a\u003e for a review of this README.\n\n\n\n\n## Copyrights\n\n- Splunk 
is copyright by Splunk, Inc.  Please stay within the confines of the 500 MB/day free license when using Splunk Lab, unless you brought your own license along.\n- The various apps are copyright by the creators of those apps.\n\n\n## Contact\n\nMy email is doug.muth@gmail.com.  I am also \u003ca href=\"http://twitter.com/dmuth\"\u003e@dmuth on Twitter\u003c/a\u003e \nand \u003ca href=\"http://facebook.com/dmuth\"\u003eFacebook\u003c/a\u003e!\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmuth%2Fsplunk-lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdmuth%2Fsplunk-lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmuth%2Fsplunk-lab/lists"}