Why am I not able to access logs in the Splunk Docker image?

icanwin
New Member

Whenever I try to log in to Splunk through the Docker image, the default user is ansible. Because of that, I am not able to access the logs and var directory in Splunk.
I am also not permitted to create a new directory.

Kindly suggest.

0 Karma

codebuilder
Influencer

You will need to update your makefile if building your own image, and set the Splunk user.
If using a Splunk supported image, set the Splunk user as a parameter in your run command (-e "SPLUNK_USER=splunk"), e.g.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

rxgampa
Loves-to-Learn

I added SPLUNK_USER=splunk to the docker-compose yml file and restarted the container.

Here is the environment. 

[ansible@28f74f55c15a splunk]$ env
LANG=C.utf8
HOSTNAME=28f74f55c15a
ANSIBLE_USER=ansible
SPLUNK_HEC_TOKEN=test1234
container=oci
SPLUNK_HOME=/opt/splunk
SCLOUD_URL=https://github.com/splunk/splunk-cloud-sdk-go/releases/download/v1.11.1/scloud_v7.1.0_linux_amd64.ta...
CONTAINER_ARTIFACT_DIR=/opt/container_artifact
PWD=/opt/splunk
HOME=/home/ansible
SPLUNK_DEFAULTS_URL=
SPLUNK_GROUP=splunk
SPLUNK_ANSIBLE_HOME=/opt/ansible
TERM=xterm
SPLUNK_ROLE=splunk_standalone
SPLUNK_PASSWORD=A#123#aaa
PYTHON_GPG_KEY_ID=####
TMPSPLUNKDIR=/opt/splunk/tmp
PYTHON_VERSION=3.7.10
ANSIBLE_GROUP=ansible
SPLUNK_START_ARGS=--accept-license
TMPETCDIR=/opt/splunk/tmp/etc
SHLVL=1
SPLUNK_USER=splunk
PATH=/home/ansible/.local/bin:/home/ansible/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
[ansible@28f74f55c15a splunk]$ whoami
ansible

There is no change from ansible to splunk. Due to this, I am unable to browse some /opt/splunk files, as I am facing a permission issue. Not sure what other changes are needed to the environment file. Please check.

0 Karma