I am trying to create a Splunk universal forwarder image using alpine:3.8 base image.
FROM alpine:3.8
ENV VERSION 6.3.1
ENV BUILD f3e41e4b37b2
ENV SPLUNK_USER=root
ENV SPLUNK_GROUP=root
ENV VERSION 6.3.1
ENV BUILD f3e41e4b37b2
ENV SPLUNK_OUTPUT_SERVER=test:9997
ENV SPLUNK_HOME=/opt/splunkforwarder/
RUN mkdir -p /opt
COPY ./config /tmp/splunk
RUN apk add curl \
&& curl http://download.splunk.com/products/splunk/releases/${VERSION}/universalforwarder/linux/splunkforwarder-${VERSION}-${BUILD}-Linux-x86_64.tgz | tar xvz -C /opt
WORKDIR /opt/splunkforwarder/
# Splunk management port
EXPOSE 8089
# Network Input
EXPOSE 514
VOLUME [ "/opt/splunkforwarder/etc", "/opt/splunkforwarder/var" ]
COPY ./patch-entrypoint.sh /sbin/entrypoint.sh
CMD ["/opt/splunkforwarder/bin/splunk", "start", "--accept-license", "--answer-yes", "--no-prompt", "--nodaemon"]
Now I am facing a couple of issues here:
When I am running /opt/splunkforwarder/bin/splunk start --accept-license I am getting /opt/splunkforwarder/bin/splunk: not found.
I am using custom output.conf file. It's in config folder.
[tcpout]
defaultGroup = abc
disabled = false
[tcpout:abc]
server = _OUTPUT_SERVERS_
autoLB = true
compressed = false
useACK = true
sendCookedData = true
entrypoint.sh is the script which I am using to replace the environment variable from output.config and restart the splunk but again restart is not working.
please help me to fix this.
... View more