Previously we have looked at how to get a standalone Splunk instance up and running via Docker. As we have shown, it is very easy to do but we are now going to look at running a standalone instance whilst simultaneously installing an app from Splunkbase. Using Docker to run Splunk and Splunkbase apps makes it easy to set up test environments to try out apps without

Do do this we can create a docker-compose.yml. Normally this would be used for dealing with multiple containers but using it here gives a bit of readability.

For this example we are going to use iDelta’s awesome Add-on for Mulesoft Cloudhub as the app we are going to install.

To get the Docker instance up and running with Splunk and a Splunkbase app installed

  1. Create a new new file called docker-compose.yml and add the following code to that file:
version: "3.6"

services:
  splunkWithApp:
    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
    container_name: splunkWithApp
    environment:
      - SPLUNK_START_ARGS=--accept-license
      - SPLUNK_APPS_URL=https://splunkbase.splunk.com/app/5479/release/1.1.6/download
      - SPLUNKBASE_USERNAME=<your_splunkbase_username>
      - SPLUNKBASE_PASSWORD
      - SPLUNK_PASSWORD
    ports:
      - 8000:8000
  • For SPLUNK_APPS_URL, make sure this matches your chosen app. Note that you can change which version of your app that your instance installs.
  • Update SPLUNKBASE_USERNAME to be that which you would use to log into Splunkbase if you were downloading the app manually.

2. Save the docker-compose.yml file.

3. To deploy your instance, run the following command in the directory where your docker-compose.yml file is located:

SPLUNKBASE_PASSWORD=<your_splunkbase_password> SPLUNK_PASSWORD=<splunk_instance_password> docker-compose up -d

This might take a few minutes to run (it will depend on whether or not you already have the latest Splunk Docker image on your machine).

4. If this has worked then head to <ip-address>:8000 – you should be presented with the Splunk login screen. The username will be ‘admin’ and the password will be whatever you have set SPLUNK_PASSWORD to be.

5. If everything has worked, your chosen app should appear in the list of installed apps.

A screenshot of the Splunk sidebar, showing that the Mulesoft Cloudhub Add-on for Splunk has been installed

So there you have it, it really is that simple to use Docker to run Splunk and Splunkbase apps. Why not

For 2021 we’ve committed to posting a new Splunk tip every week!

If you want to keep up to date on tips like the one above then sign up below:

Subscribe to our newsletter to receive regular updates from iDelta, including news and updates, information on upcoming events, and Splunk tips and tricks from our team of experts. You can also find us on Twitter and LinkedIn.

Subscribe

* indicates required
Posted by:Andrew MacLeod

Andrew is a certified Splunk Admin and has worked for iDelta for over two years. Previously, he worked as an actuarial analyst in the life and pensions industry - a role that he was in for over 7 years before deciding to embark on a career change into the IT industry. He holds an MPhys degree in theoretical physics from the University of Edinburgh. Outside of work he is a big puzzle fan, with a particular penchant for things cruciverbal and mathematical.