Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to start a splunk container with the forwarder license ?

VincentC
Explorer
‎09-23-2020 01:29 AM

I am using the splunk docker image to start a heavy forwarder with this command:

 

docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" --name hforwarder splunk/splunk:latest

 

I would like this heavy forwarder to run with the forwarder license, but when I check with

 

splunk list licenser-groups

 

I see that a Trial license is selected instead or the Forwarder one:

 

	Enterprise
		is_active:0
		stack_ids:
 
	Forwarder
		is_active:0
		stack_ids:
 			forwarder
 
	Free
		is_active:0
		stack_ids:
 			free
 
	Lite
		is_active:0
		stack_ids:
 
	Lite_Free
		is_active:0
		stack_ids:
 
	Trial
		is_active:1
		stack_ids:
 			download-trial

 

I could of course connect to the container and switch the license group with

 

splunk edit licenser-groups Forwarder -is_active 1

 

but this requires a restart and I would like to achieve this with only parameters to the docker run command.

Any idea if this is possible ?

 

If I add the SPLUNK_LICENSE_MASTER_URL parameter to make my heavy forwarder a slave to a license server, it works, but I am looking for a way to use the Forwarder license instead.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VincentC
Explorer
‎09-23-2020 07:25 AM

Got around it with

docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" -e "SPLUNK_BEFORE_START_CMD=edit licenser-groups Forwarder -is_active 1" --name hforwarder splunk/splunk:latest

I didn't know this SPLUNK_BEFORE_START_CMD environment variable existed.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

VincentC
Explorer
‎09-23-2020 07:25 AM

Got around it with

docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" -e "SPLUNK_BEFORE_START_CMD=edit licenser-groups Forwarder -is_active 1" --name hforwarder splunk/splunk:latest

I didn't know this SPLUNK_BEFORE_START_CMD environment variable existed.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...