Why am I Not able access logs in splunk docker ima...

icanwin · ‎05-13-2020

Whenever I am trying to login to splunk through docker image , the default user is ansible beacsue of that I am not able to access logs and var directory in splunk .
And not permitted to create a new directory too

kindly suggest.

codebuilder · ‎05-19-2020

You will need to update your makefile if building your own image, and set the Splunk user.
If using a Splunk supported image, set the Splunk user as a parameter in your run command (-e "SPLUNK_USER=splunk"), e.g.

----
An upvote would be appreciated and Accept Solution if it helps!

rxgampa · ‎07-12-2022

I added SPLUNK_USER=splunk to the docker-compose yml file and restarted the container.

Here is the environment.

[ansible@28f74f55c15a splunk]$ env

LANG=C.utf8

HOSTNAME=28f74f55c15a

ANSIBLE_USER=ansible

SPLUNK_HEC_TOKEN=test1234

container=oci

SPLUNK_HOME=/opt/splunk

SCLOUD_URL=https://github.com/splunk/splunk-cloud-sdk-go/releases/download/v1.11.1/scloud_v7.1.0_linux_amd64.ta...

CONTAINER_ARTIFACT_DIR=/opt/container_artifact

PWD=/opt/splunk

HOME=/home/ansible

SPLUNK_DEFAULTS_URL=

SPLUNK_GROUP=splunk

SPLUNK_ANSIBLE_HOME=/opt/ansible

TERM=xterm

SPLUNK_ROLE=splunk_standalone

SPLUNK_PASSWORD=A#123#aaa

PYTHON_GPG_KEY_ID=####

TMPSPLUNKDIR=/opt/splunk/tmp

PYTHON_VERSION=3.7.10

ANSIBLE_GROUP=ansible

SPLUNK_START_ARGS=--accept-license

TMPETCDIR=/opt/splunk/tmp/etc

SHLVL=1

SPLUNK_USER=splunk

PATH=/home/ansible/.local/bin:/home/ansible/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

_=/usr/bin/env

[ansible@28f74f55c15a splunk]$ whoami

ansible

There is no change in from ansible to splunk. Due to this unable to browse some /opt/splunk files as facing persmission issue. Not sure what other changed needed to environment file. Please check

Why am I Not able access logs in splunk docker image?

other

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes