Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/neyrian/build_splunk_test
Build a local Splunk test environment
- Host: GitHub
- URL: https://github.com/neyrian/build_splunk_test
- Owner: Neyrian
- Created: 2024-11-18T10:19:16.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2024-11-26T14:28:35.000Z (3 months ago)
- Last Synced: 2024-11-26T14:36:22.995Z (3 months ago)
- Topics: docker, environment, local, splunk, tests
- Language: Shell
- Homepage:
- Size: 14.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Purpose
This script aims to easily build a local Splunk instance in Docker and import logs into it for testing purposes.
## Set up
1. Get the script from this repo:
```bash
git clone https://github.com/Neyrian/build_splunk_test.git
```
2. Ensure that you have Docker installed; otherwise run:
```bash
sudo apt install docker.io
```
3. Change the variable $workind_dir in the script to your working directory.
4. Download the following Splunk apps into your $workind_dir:
- Windows TA https://splunkbase.splunk.com/app/742
- Apache TA https://splunkbase.splunk.com/app/3186
- Unix and Linux TA https://splunkbase.splunk.com/app/833
5. (Optional) On a Windows machine, export the Security, Application and System event logs in XML format and put them in the folder $workind_dir/Windows as xmlwineventlogSecurity.xml, xmlwineventlogApplication.xml and xmlwineventlogSystem.xml.
6. Then run the checks command:
```bash
./splunk.sh checks
```
## Usage
You can display the help menu by running the script without any arguments.
For your first run, execute the following commands in order:
```bash
./splunk.sh checks
./splunk.sh create
./splunk.sh createIndexes
./splunk.sh importLogs
./splunk.sh apps
```
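As an added example (this is not the project's own splunk.sh, nor a substitute for its checks command), the following POSIX shell script pre-checks what the set-up steps above ask you to prepare before that first run: Docker is installed and its daemon is reachable, the three add-on archives are present and non-empty in the working directory, and the optional Windows XML exports exist under Windows/. The archive name patterns are assumptions (Splunkbase .tgz file names vary by version, so adjust them to what you actually downloaded); the Windows file names are the ones the README specifies. The working directory is passed as the first argument.

```shell
#!/bin/sh
# Added pre-flight check for the set-up steps above. Not the project's own
# splunk.sh; it only verifies the prerequisites that README lists.
# Usage: sh preflight.sh /path/to/working_dir

# Step 2: docker must be installed and the daemon reachable by this user.
check_docker() {
  command -v docker >/dev/null 2>&1 || {
    echo 'docker not found (sudo apt install docker.io)'; return 1; }
  docker info >/dev/null 2>&1 || {
    echo 'docker daemon not reachable (service stopped, or user not in the docker group?)'
    return 1; }
  return 0
}

# Step 4: every required add-on archive must be present and non-empty.
# The name patterns are assumptions; Splunkbase file names vary by version.
# Prints one line per missing archive; returns the number missing (0 = ok).
check_apps() {
  dir=$1; missing=0
  for pattern in \
    'splunk-add-on-for-microsoft-windows*.tgz' \
    'splunk-add-on-for-apache-web-server*.tgz' \
    'splunk-add-on-for-unix-and-linux*.tgz'
  do
    # -size +0c rejects a zero-byte file left behind by an aborted download
    if [ -z "$(find "$dir" -maxdepth 1 -type f -name "$pattern" -size +0c | head -n 1)" ]; then
      echo "missing add-on archive: $dir/$pattern"
      missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# Step 5 (optional): the Windows event log exports, named as in the README,
# must be non-empty if you want them imported. Returns 0 when all three are
# usable, 1 otherwise (a warning only; the rest of the setup does not need them).
check_windows_logs() {
  dir=$1; ok=0
  for f in xmlwineventlogSecurity.xml xmlwineventlogApplication.xml xmlwineventlogSystem.xml; do
    if [ ! -s "$dir/Windows/$f" ]; then
      echo "optional Windows export missing or empty: $dir/Windows/$f"
      ok=1
    fi
  done
  return "$ok"
}

# Runs all checks; non-zero only for hard failures (working dir, docker, apps).
preflight() {
  dir=$1; rc=0
  [ -d "$dir" ] || { echo "working dir does not exist: $dir"; return 1; }
  check_docker || rc=1
  check_apps "$dir" || rc=1
  check_windows_logs "$dir" || echo 'continuing without Windows event logs (optional)'
  return "$rc"
}

# Only run when a working directory is given, so the functions can also be sourced.
[ $# -eq 0 ] || preflight "$1"
```

Run it as `sh preflight.sh "$workind_dir"` after steps 3 to 5; a zero exit status means Docker and the three add-on archives are in place, and any message about the Windows exports is informational.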
Once those commands have completed, your Splunk instance should be available on http://localhost:8000/ with the credentials admin:Admin#123 (by default). Change this default password before exposing the instance beyond your own machine.
## Using WSL2
If you are using WSL, you may have trouble reaching the Splunk instance from Windows. This is most likely a port forwarding issue, which you can fix with the following PowerShell command (replace <port> with the Splunk port, 8000 for Splunk Web, and <wsl-ip> with the address of your WSL instance obtained below):
```powershell
netsh interface portproxy add v4tov4 listenport=<port> listenaddress=0.0.0.0 connectport=<port> connectaddress=<wsl-ip>
```
Obtain <wsl-ip> from:
```powershell
wsl hostname -I
```
Note that listenaddress=0.0.0.0 makes the forwarded port reachable on every network interface of the Windows host, including by other machines on your network; if you only need access from the Windows machine itself, use listenaddress=127.0.0.1 instead.
To see existing port-forwardings:
```powershell
netsh interface portproxy show all
```
To delete a particular port-forwarding (use the same listenport and listenaddress you added it with):
```powershell
netsh interface portproxy delete v4tov4 listenport=<port> listenaddress=<listenaddress>
```