- Splunk Answers
- :
- Splunk Administration
- :
- Installation
- :
- How to start a splunk container with the forwarder...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am using the splunk docker image to start a heavy forwarder with this command:
docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" --name hforwarder splunk/splunk:latest
I would like this heavy forwarder to run with the forwarder license, but when I check with
splunk list licenser-groups
I see that a Trial license is selected instead or the Forwarder one:
Enterprise
is_active:0
stack_ids:
Forwarder
is_active:0
stack_ids:
forwarder
Free
is_active:0
stack_ids:
free
Lite
is_active:0
stack_ids:
Lite_Free
is_active:0
stack_ids:
Trial
is_active:1
stack_ids:
download-trial
I could of course connect to the container and switch the license group with
splunk edit licenser-groups Forwarder -is_active 1
but this requires a restart and I would like to achieve this with only parameters to the docker run command.
Any idea if this is possible ?
If I add the SPLUNK_LICENSE_MASTER_URL parameter to make my heavy forwarder a slave to a license server, it works, but I am looking for a way to use the Forwarder license instead.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Got around it with
docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" -e "SPLUNK_BEFORE_START_CMD=edit licenser-groups Forwarder -is_active 1" --name hforwarder splunk/splunk:latestI didn't know this SPLUNK_BEFORE_START_CMD environment variable existed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Got around it with
docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" -e "SPLUNK_BEFORE_START_CMD=edit licenser-groups Forwarder -is_active 1" --name hforwarder splunk/splunk:latestI didn't know this SPLUNK_BEFORE_START_CMD environment variable existed.
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...
