SplunkUDA+Docker+for+Splunk+Cheat+Sheet .pdf

This PDF 1.7 document has been generated by / PDFlib+PDI 9.0.7p1 (PHP7/Linux-x86_64), and has been sent on pdf-archive.com on 12/07/2017 at 03:55, from IP address 162.112.x.x. The current document download page has been viewed 1239 times.
File size: 2.9 MB (4 pages).
Privacy: public file


DOCKER & SPLUNK
COMMAND REFERENCE
CHEAT SHEET
THIS REFERENCE GUIDE HAS BEEN TAKEN FROM THE BOOK
"BEGINNING SPLUNK WITH DOCKER" BY VINCENT SESTO
FIRST STEPS
Display the version of Docker running on
your system. If you need to install Docker,
go to https://www.docker.com/get-docker

docker --version

Run the basic hello-world Docker service.

docker run hello-world

Search for a Docker image or type that you
need from Docker Hub. Replace <image>
with the image you are looking for, e.g. splunk

docker search <image>

Pull the latest stable version of your required
image.

docker pull <image>:latest

Display all running Docker containers.

docker ps

Display all running and stopped Docker
containers.

docker ps -a

View all Docker images available on your
system.

docker images

Beginning Splunk With Docker
This book gets you started working with Splunk and
Docker together. It takes you through the
command line with Docker Fundamentals, expands
your knowledge and image functionality by using
Dockerfiles and then provides you with the power
of working with Docker Compose.

GET YOUR SPLUNK IMAGE RUNNING WITH DOCKER
Running Splunk as a Docker container with variables to accept license and
set the user as root. Port 8000 is mapped to the host and we are using the
Splunk image. Open a browser to http://localhost:8000 when complete.

docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p 8000:8000 splunk/splunk

Once your container has started up, go to http://localhost:8000 in your
browser and start up your new Splunk environment.

Show all relevant information for a Docker
container.

docker inspect <cont_id>

Access the shell of a running container.

docker attach <cont_id>

Perform the touch command on a running
container using exec.

docker exec -d <cont_id> touch /tmp/test.txt

Access the bash shell of a running container.

docker exec -it <cont_id> /bin/bash
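
An added example (not from the cheat sheet or the book): a Python check over `docker inspect <cont_id>` JSON that flags what the run command above sets up, namely Splunk running as root, an untagged or :latest image, and ports published on every host interface. The sample record is constructed and the check names are this example's own.

```python
import json

# Constructed sample: trimmed `docker inspect <cont_id>` output for the
# `docker run` command above (field names follow Docker's inspect schema).
SAMPLE_INSPECT = json.loads("""
[{
  "Id": "constructed-sample-id",
  "Config": {
    "Image": "splunk/splunk",
    "User": "",
    "Env": ["SPLUNK_START_ARGS=--accept-license", "SPLUNK_USER=root"]
  },
  "HostConfig": {
    "Privileged": false,
    "PortBindings": {"8000/tcp": [{"HostIp": "", "HostPort": "8000"}]}
  }
}]
""")

ALL_INTERFACES = {"", "0.0.0.0", "::"}  # an empty HostIp means every interface


def audit_container(container):
    """Return a list of (check, detail) findings for one inspect record."""
    findings = []
    config = container.get("Config", {})
    host = container.get("HostConfig", {})

    env = dict(e.split("=", 1) for e in config.get("Env") or [] if "=" in e)
    if env.get("SPLUNK_USER") == "root":
        findings.append(("splunk-runs-as-root", "SPLUNK_USER=root"))

    image = config.get("Image", "")
    name = image.rsplit("/", 1)[-1]  # a tag, if any, follows the last path part
    if "@sha256:" not in image and (":" not in name or name.endswith(":latest")):
        findings.append(("unpinned-image", image))

    for port, bindings in (host.get("PortBindings") or {}).items():
        for b in bindings or []:
            if b.get("HostIp", "") in ALL_INTERFACES:
                findings.append(("published-on-all-interfaces",
                                 f"{port} -> host port {b.get('HostPort')}"))

    if host.get("Privileged"):
        findings.append(("privileged-container", "HostConfig.Privileged=true"))
    return findings


if __name__ == "__main__":
    for check, detail in audit_container(SAMPLE_INSPECT[0]):
        print(f"{check}: {detail}")
```

Publishing with `-p 127.0.0.1:8000:8000` instead of `-p 8000:8000` keeps Splunk Web reachable only from the Docker host and clears the interface finding.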

CREATING DOCKERFILES
To help streamline the process of creating and running our Docker containers,
we can use a Dockerfile to specify all the details for the container we are
wanting to run. Below is an example Dockerfile.

FROM splunk/splunk:latest
MAINTAINER vince.sesto@gmail.com
# Set up environment variables
ENV SPLUNK_START_ARGS --accept-license
ENV SPLUNK_USER root
# Run touch .ui_login in the same directory as your Dockerfile
# Copy ui_login to stop the first time login screen
COPY .ui_login /opt/splunk/etc/.ui_login
# If you have a Splunk App ready to be installed
COPY mood_radiator/ /opt/splunk/etc/apps/mood_radiator/
# In case we need to install anything extra
RUN apt-get update && apt-get install -y vim

Build your image from a Dockerfile and give
it a name.

docker build -t <name> .

Run a Docker container in detached mode
exposing port 8000.

docker run -d -p 8000:8000 <name>

The command below will allow you to clean up your environment. It will kill
all running containers, then remove all stopped containers, and finally
delete any Docker images.

docker kill $(docker ps -q); docker rm -f $(docker ps -a -q)
docker rmi -f $(docker images -q)

MOVING TO DOCKER COMPOSE
With Docker Compose, you can use a simple compose file to create numerous
networked containers and images. The code below is a simple Splunk server
and can be created by opening your text editor and saving the file as "docker-compose.yml".

version: '3'
services:
  splunkserver:
    image: splunk/splunk
    hostname: splunkserver
    environment:
      SPLUNK_START_ARGS: --accept-license --answer-yes
      SPLUNK_ENABLE_LISTEN: 9997
      SPLUNK_USER: root
    ports:
      - "8000:8000"
      - "9997:9997"
      - "8088:8088"

Use Docker Compose to build and run
your compose file in detached mode.

docker-compose up -d

Learning Splunk Web Framework
Take your analytics online with the ease and power of
the Splunk Web Framework. About This Book: Want to
build rich applications on the Web using Splunk? This
book will be your ultimate guide! Learn to use web
framework components with the help of this highly
practical, example-rich guide. Perform excellent Splunk
analytics on the Web and bring that knowledge to your
own projects.

