Installation

How to start a splunk container with the forwarder license ?

VincentC
Explorer

I am using the splunk docker image to start a heavy forwarder with this command:

 

docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" --name hforwarder splunk/splunk:latest

 

I would like this heavy forwarder to run with the forwarder license, but when I check with

 

splunk list licenser-groups

 

I see that a Trial license is selected instead or the Forwarder one:

 

	Enterprise
		is_active:0
		stack_ids:
 
	Forwarder
		is_active:0
		stack_ids:
 			forwarder
 
	Free
		is_active:0
		stack_ids:
 			free
 
	Lite
		is_active:0
		stack_ids:
 
	Lite_Free
		is_active:0
		stack_ids:
 
	Trial
		is_active:1
		stack_ids:
 			download-trial

 

I could of course connect to the container and switch the license group with

 

splunk edit licenser-groups Forwarder -is_active 1

 

but this requires a restart and I would like to achieve this with only parameters to the docker run command.

Any idea if this is possible ?

 

If I add the SPLUNK_LICENSE_MASTER_URL parameter to make my heavy forwarder a slave to a license server, it works, but I am looking for a way to use the Forwarder license instead.

Labels (1)
0 Karma
1 Solution

VincentC
Explorer

Got around it with

docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" -e "SPLUNK_BEFORE_START_CMD=edit licenser-groups Forwarder -is_active 1" --name hforwarder splunk/splunk:latest

I didn't know this SPLUNK_BEFORE_START_CMD environment variable existed.

View solution in original post

0 Karma

VincentC
Explorer

Got around it with

docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" -e "SPLUNK_BEFORE_START_CMD=edit licenser-groups Forwarder -is_active 1" --name hforwarder splunk/splunk:latest

I didn't know this SPLUNK_BEFORE_START_CMD environment variable existed.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...