Dashboards & Visualizations

Change config files if Splunk is running in a container

swatishs
Explorer

I am running Splunk Enterprise version 7.2.3 inside a Docker container. The container is deployed using the official Splunk docker image.
Is there a way of changing the config files without entering the container and manually changing the config files? Can we change all config files from the UI?

0 Karma

mattymo
Splunk Employee
Splunk Employee

Check out the app install plays which allow you to ensure the apps you want are in place when the container spins up.

https://github.com/splunk/docker-splunk/blob/develop/docs/advanced/APP_INSTALL.md

You can also manage via DS or UI as usual, once the image spins up.

For example, you might bootstrap the deploymentclient.conf config in a base app using the SPLUNK_APPS_URL setting, so when the container spins up, so that it knows how to reach the Deployment Server and can pull down configs. You might also skip the DS altogether and choose to pull apps from a repo. Either way, it ensures the config gets to where it needs to be.

- MattyMo
0 Karma

isachse
Explorer

UI configuration changes ending in generated config files at $SPLUNK_HOME/etc/system/local/ inside of your container.

But some of the configuration are just available by accessing the filesystem e.g. certificate configurations.

0 Karma

woodcock
Esteemed Legend

Use a Deployment Server and name your docker hosts with a prefix like Docker- and then create a serverclass of Docker with a whitelist of Docker-* and do the needful.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...