Getting Data In

Why am I Not able access logs in splunk docker image?

icanwin
New Member

Whenever I am trying to login to splunk through docker image , the default user is ansible beacsue of that I am not able to access logs and var directory in splunk .
And not permitted to create a new directory too

kindly suggest.

Labels (1)
0 Karma

codebuilder
SplunkTrust
SplunkTrust

You will need to update your makefile if building your own image, and set the Splunk user.
If using a Splunk supported image, set the Splunk user as a parameter in your run command (-e "SPLUNK_USER=splunk"), e.g.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

rxgampa
Loves-to-Learn

I added  SPLUNK_USER=splunk to the docker-compose yml file and restarted the container. 

Here is the environment. 

[ansible@28f74f55c15a splunk]$ env

LANG=C.utf8

HOSTNAME=28f74f55c15a

ANSIBLE_USER=ansible

SPLUNK_HEC_TOKEN=test1234

container=oci

SPLUNK_HOME=/opt/splunk

SCLOUD_URL=https://github.com/splunk/splunk-cloud-sdk-go/releases/download/v1.11.1/scloud_v7.1.0_linux_amd64.ta...

CONTAINER_ARTIFACT_DIR=/opt/container_artifact

PWD=/opt/splunk

HOME=/home/ansible

SPLUNK_DEFAULTS_URL=

SPLUNK_GROUP=splunk

SPLUNK_ANSIBLE_HOME=/opt/ansible

TERM=xterm

SPLUNK_ROLE=splunk_standalone

SPLUNK_PASSWORD=A#123#aaa

PYTHON_GPG_KEY_ID=####

TMPSPLUNKDIR=/opt/splunk/tmp

PYTHON_VERSION=3.7.10

ANSIBLE_GROUP=ansible

SPLUNK_START_ARGS=--accept-license

TMPETCDIR=/opt/splunk/tmp/etc

SHLVL=1

SPLUNK_USER=splunk

PATH=/home/ansible/.local/bin:/home/ansible/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

_=/usr/bin/env

[ansible@28f74f55c15a splunk]$ whoami

ansible

 

There is no change in from ansible to splunk. Due to this unable to browse some /opt/splunk files as facing persmission issue. Not sure what other changed needed to environment file. Please check 

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...