{"id":27334900,"url":"https://github.com/dmuth/splunk-network-health-check","last_synced_at":"2025-04-12T14:46:35.897Z","repository":{"id":22899254,"uuid":"26247732","full_name":"dmuth/splunk-network-health-check","owner":"dmuth","description":"A Dockerized Splunk app to monitor your Internet connection","archived":false,"fork":false,"pushed_at":"2023-03-06T02:33:12.000Z","size":760,"stargazers_count":21,"open_issues_count":2,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-05-02T06:07:40.209Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dmuth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null},"funding":{"github":"dmuth"}},"created_at":"2014-11-06T01:16:30.000Z","updated_at":"2024-04-17T00:43:05.000Z","dependencies_parsed_at":"2022-08-21T16:30:27.581Z","dependency_job_id":"2691f95a-7407-4ba8-86bc-4fc183fb8d58","html_url":"https://github.com/dmuth/splunk-network-health-check","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmuth%2Fsplunk-network-health-check","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmuth%2Fsplunk-network-health-check/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmuth%2Fsplunk-network-health-check/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmuth%2Fsplunk-network-health-check/manifests","owner_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/owners/dmuth","download_url":"https://codeload.github.com/dmuth/splunk-network-health-check/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248585249,"owners_count":21128974,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-12T14:46:35.237Z","updated_at":"2025-04-12T14:46:35.891Z","avatar_url":"https://github.com/dmuth.png","language":"Shell","funding_links":["https://github.com/sponsors/dmuth"],"categories":[],"sub_categories":[],"readme":"\n# Splunk Network Health Check\n\nThis app will monitor health of your Internet connection by pinging Google \n(and a few other hosts) and creating nice graphs.  
It is based on\n\u003ca href=\"https://hub.docker.com/r/splunk/splunk/\"\u003eSplunk's official Dockerfile\u003c/a\u003e.\n\nThis app uses \u003ca href=\"https://github.com/dmuth/splunk-lab\"\u003eSplunk Lab\u003c/a\u003e, an open-source \napp I built to effortlessly run Splunk in a Docker container.\n\n\n## Quickest Installation\n\n`bash \u003c(curl -s https://raw.githubusercontent.com/dmuth/splunk-network-health-check/master/go.sh)`\n\nFollow the on-screen instructions for configuring Splunk Network Health Check \nand you should be running in no time!\n\n\n## Less Quick Installation\n\nMaybe you don't want to pipe some random script on the Internet into your shell, that's cool.\nHere are the Docker commands to run it and view the output:\n\n```\ndocker run --name splunk-network-health-check -d --rm -p 8000:8000 \\\n\t-v $(pwd)/splunk-data:/opt/splunk/var/lib/splunk/defaultdb \\\n\tdmuth1/splunk-network-health-check\ndocker logs -f splunk-network-health-check\n```\n\n\nNo matter how you install it, you can then go to http://localhost:8000/ and get graphs like these:\n\n\u003cimg src=\"./img/network-amtrak-with-hotspot.png\" width=\"250\" /\u003e \u003cimg src=\"./img/network-firewall-failing.png\" width=\"250\" /\u003e \u003cimg src=\"./img/network-huge-outage.png\" width=\"250\" /\u003e\n\n\nData will be persisted in the `splunk-data/` directory between container runs.\n\n\n### Default Targets\n\nThese are the default targets, but can be overridden with `-e TARGETS=...`: \n\n- google.com\n- 8.8.8.8 (Google's DNS Resolver)\n- 1.1.1.1 (CloudFlare's DNS Resolver)\n\nI picked Google because it's a fairly well connected site, and I picked the second two IPs so that if \nDNS is flaky, it won't impact either of those, and those two IP addresses are owned by completely different entities.\n\n\n## More detailed options\n\n- `--restart unless-stopped` - Causes this container to restart if killed or if Docker is restarted. 
**This is highly recommended.**\n- `-e \"TARGETS=google.com,cnn.com,8.8.8.8,1.1.1.1\"` - Specify hosts to ping\n- `-e ETC_HOSTS=hosts.txt` - Specify a hosts file to append to `/etc/hosts`.  Useful for when you want to give names to local devices to ping, such as cameras.\n- `-e SPLUNK_PASSWORD=password` - Set a non-default password. You WILL do this if you run this in a production environment.\n\n\n## What's Splunk?\n\nSplunk is an amazing app that lets you monitor your logfiles and perform analytics on them.  You can monitor other kinds of data, such as the output of the ping command, which is what this app does.  A free copy of Splunk Enterprise [can be downloaded at Splunk.com](http://www.splunk.com/) and is downloaded in the Dockerfile.\n\n\n## How does it work?\n\nAt its core, this app uses a script called `ping.sh`.  This script runs \u003ca href=\"https://github.com/dmuth/iputils\"\u003ea hacked version of ping\u003c/a\u003e to ping all targets and report on status (packets sent/packets received) every 10 seconds.\n\n\n### \"Oh god, why did you hack ping?\"\n\nA few reasons:\n\n- `fping` sometimes returned negative RTTs, so that's not a good sign.\n- Running `ping -c 10` multiple times in parallel caused N processes to be spawned every 10 seconds. 
\n   - The performance impact wasn't *terrible*, but I wanted this app to be as friendly to the CPU as I could make it.\n- `fping` also didn't periodically report on the status of hosts that I was pinging.\n- `fping` also got a little weird if there was no Internet connectivity, as DNS would not resolve\n   - You'd think this *wouldn't* be a problem when pinging IPs, but sadly, it was.\n\nTaking all of these into account, it seemed to make the most sense to hack ping to print its status every 10\nseconds and use that as the basis of the uptime graph in Splunk.\n\n\n## Security Concerns\n\n**Please** set a password if you are deploying this on anything other than a personal device.\nThat is done with `-e SPLUNK_PASSWORD=\u003cpassword\u003e`.\n\n\n## Development\n\n\n### The Easy Way\n\nThere are some helper scripts in `bin/` which make the process less painful:\n\n- `bin/dev.sh` - Build an image from the Dockerfile, start it, and spawn a `bash` shell\n   - This is actually a wrapper for `go.sh`, so just follow the on-screen prompts.\n   - When exited, the container will end.\n- `bin/kill.sh` - Stop the container and kill it.\n- `bin/logs.sh` - Tail the logs of the currently running container\n- `bin/clean.sh` - Remove `splunk-data/` directory.  This will remove all indexed data (pings and latency) from Splunk!\n- `bin/push.sh` - Push the image up to Docker Hub\n\n\n## Known Bugs\n\nFor reasons unclear to me, if you set up a VPN connection, this completely breaks ping in all\nDocker containers.  Even `docker run alpine ping google.com` doesn't work.\n\nThe workaround is to simply restart Docker.  If you started your container with `--restart unless-stopped`,\nit will start up automatically.  I am unclear on if this is something that can be fixed.\n\n\n## FAQ\n\n### How do I get a valid SSL cert on localhost?\n\nYes, you can! 
\n\nFirst, install \u003ca href=\"https://github.com/FiloSottile/mkcert\"\u003emkcert\u003c/a\u003e and then run `mkcert -install \u0026\u0026 mkcert localhost 127.0.0.1 ::1` to generate a local CA and a cert/key combo for localhost.\n\nThen, when you run Splunk Lab, set the environment variables `SSL_KEY` and `SSL_CERT` and those files will be pulled into Splunk Lab.\n\nExample: `SSL_KEY=./localhost.key SSL_CERT=./localhost.pem ./go.sh`\n\n\n### Why does the Splunk web interface run with HTTPS enabled?\n\nBecause one day, someone somewhere will install this app on a machine which faces\nthe public Internet, and passwords will be sent in the clear.  In fact, over a \nlong enough time, the odds of this happening approach 1.\n\nTHAT is why I use HTTPS/SSL.  And why you should too on your apps.\n\n\n### How do I get this to work in Vagrant?\n\nIf you're running \u003ca href=\"https://github.com/dmuth/docker-in-vagrant\"\u003eDocker in Vagrant\u003c/a\u003e, or just plain Vagrant, you'll run into issues because Splunk does some low-level stuff with its Vagrant directory that will result in errors like this:\n\n```\n11-15-2022 01:45:31.042 +0000 ERROR StreamGroup [217 IndexerTPoolWorker-0] - failed to drain remainder total_sz=24 bytes_freed=7977 avg_bytes_per_iv=332 sth=0x7fb586dfdba0: [1668476729, /opt/splunk/var/lib/splunk/_internaldb/db/hot_v1_1, 0x7fb587f7e840] reason=st_sync failed rc=-6 warm_rc=[-35,1]\n```\n\nTo work around this, disable sharing of Splunk's data directory by setting `SPLUNK_DATA=no`, like this:\n\n`SPLUNK_DATA=no ./go.sh`\n\nBy doing this, any data ingested into Splunk will not persist between runs.  But to be fair, Splunk Lab is meant for development usage of Splunk, not long-term usage.\n\n\n## Licensing\n\nSplunk has its own license.  
Please abide by it.\n\n\n## Credits\n\n- \u003ca href=\"http://www.splunk.com/\"\u003eSplunk\u003c/a\u003e, for having such a kick-ass product!\n- \u003ca href=\"http://patorjk.com/software/taag/#p=display\u0026h=0\u0026v=0\u0026f=Standard\u0026t=Splunk%20Lab\"\u003eThis text to ASCII art generator\u003c/a\u003e, for the logo I used in the script.\n\n\n\n## Additional Reading\n\n- \u003ca href=\"https://github.com/dmuth/splunk-lab\"\u003eSplunk Lab\u003c/a\u003e - A more generic Dockerized version of Splunk which I developed\n\n\n## Questions, comments, abuse, and offers of employment\n\n- Email: doug.muth@gmail.com\n- Twitter: \u003ca href=\"http://twitter.com/dmuth\"\u003ehttp://twitter.com/dmuth\u003c/a\u003e\n- Facebook: \u003ca href=\"http://facebook.com/dmuth\"\u003ehttp://facebook.com/dmuth\u003c/a\u003e\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmuth%2Fsplunk-network-health-check","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdmuth%2Fsplunk-network-health-check","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmuth%2Fsplunk-network-health-check/lists"}