I am running Splunk Enterprise version 7.2.3 inside a Docker container. The container is deployed using the official Splunk docker image.
Is there a way of changing the config files without entering the container and manually changing the config files? Can we change all config files from the UI?
Use a Deployment Server and name your docker hosts with a prefix like Docker- and then create a serverclass of Docker with a whitelist of Docker-* and do the needful.
UI configuration changes end up in generated config files at $SPLUNK_HOME/etc/system/local/ inside of your container.
But some of the configurations are just available by accessing the filesystem, e.g. certificate configurations.
Check out the app install plays which allow you to ensure the apps you want are in place when the container spins up.
You can also manage via DS or UI as usual, once the image spins up.
For example, you might bootstrap the deploymentclient.conf config in a base app using the SPLUNK_APPS_URL setting, so that when the container spins up, it knows how to reach the Deployment Server and can pull down configs. You might also skip the DS altogether and choose to pull apps from a repo. Either way, it ensures the config gets to where it needs to be.
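
The two answers above that involve a Deployment Server (the Docker serverclass with a Docker-* whitelist, and the base app carrying deploymentclient.conf) fit together as sketched below. This is an added example, not part of the original posts; the Deployment Server address and the app names docker_base_deploymentclient and docker_outputs are assumptions.

```ini
# --- In the base app installed at container start (e.g. via SPLUNK_APPS_URL) ---
# File: docker_base_deploymentclient/local/deploymentclient.conf
# (app name is hypothetical)
[deployment-client]

[target-broker:deploymentServer]
# Placeholder address; 8089 is the default splunkd management port
targetUri = ds.example.internal:8089

# --- On the Deployment Server ---
# File: $SPLUNK_HOME/etc/system/local/serverclass.conf
[serverClass:Docker]
# Matches clients whose hostname starts with "Docker-", so the containers
# must be started with such a hostname rather than the default container ID
whitelist.0 = Docker-*

# Map an app to the server class; docker_outputs is a hypothetical app that
# must exist under $SPLUNK_HOME/etc/deployment-apps/ on the Deployment Server
[serverClass:Docker:app:docker_outputs]
restartSplunkd = true
```

Apps delivered this way land under $SPLUNK_HOME/etc/apps/ inside the container, so filesystem-only settings can be packaged in a deployed app instead of being edited by hand in the container.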