How to start a Splunk container with the forwarder license?

VincentC
Explorer

I am using the Splunk Docker image to start a heavy forwarder with this command:

docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" --name hforwarder splunk/splunk:latest

I would like this heavy forwarder to run with the forwarder license, but when I check with

splunk list licenser-groups

I see that a Trial license is selected instead of the Forwarder one:

	Enterprise
		is_active:0
		stack_ids:

	Forwarder
		is_active:0
		stack_ids:
			forwarder

	Free
		is_active:0
		stack_ids:
			free

	Lite
		is_active:0
		stack_ids:

	Lite_Free
		is_active:0
		stack_ids:

	Trial
		is_active:1
		stack_ids:
			download-trial

I could of course connect to the container and switch the license group with

splunk edit licenser-groups Forwarder -is_active 1

but this requires a restart and I would like to achieve this with only parameters to the docker run command.

Any idea if this is possible?

If I add the SPLUNK_LICENSE_MASTER_URL parameter to make my heavy forwarder a slave to a license server, it works, but I am looking for a way to use the Forwarder license instead.

0 Karma
1 Solution

VincentC
Explorer

Got around it with

docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=mydummypw" -e "SPLUNK_ROLE=splunk_heavy_forwarder" -e "SPLUNK_BEFORE_START_CMD=edit licenser-groups Forwarder -is_active 1" --name hforwarder splunk/splunk:latest

I didn't know this SPLUNK_BEFORE_START_CMD environment variable existed.


0 Karma
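
To confirm after startup that the container really ended up on the Forwarder group, the output of splunk list licenser-groups can be parsed in a post-start check. The script below is an added example, not part of the original posts; the function names and the sample generator are assumptions, and the sample text is constructed in the layout shown in the question.

```shell
#!/bin/sh
# Added example (not from the thread): check which license group is active by
# parsing the text that `splunk list licenser-groups` prints.

# Read that output on stdin; print the name of each group with is_active:1.
# The group name is the non-blank line directly above its is_active line, so
# the parse does not depend on the exact tab/space indentation.
active_license_groups() {
    awk '
        { sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        /^is_active:/ {
            split($0, kv, ":")
            if (kv[2] + 0 == 1 && prev != "") print prev
            next
        }
        /^stack_ids:/ { next }
        { prev = $0 }
    '
}

# Succeed only if the expected group ($1) is the single active group.
require_license_group() {
    expected=$1
    active=$(active_license_groups)
    [ "$active" = "$expected" ] && return 0
    echo "license group check failed: want '$expected', active '${active:-none}'" >&2
    return 1
}

# Constructed sample in the layout shown in the question; $1 = active group.
sample_output() {
    for g in Enterprise Forwarder Free Lite Lite_Free Trial; do
        if [ "$g" = "$1" ]; then a=1; else a=0; fi
        printf '\t%s\n\t\tis_active:%s\n\t\tstack_ids:\n' "$g" "$a"
        case $g in
            Forwarder) printf ' \t\t\tforwarder\n' ;;
            Free)      printf ' \t\t\tfree\n' ;;
            Trial)     printf ' \t\t\tdownload-trial\n' ;;
        esac
        printf ' \n'
    done
}

# Demo: the question's state (Trial active) fails, the fixed state passes.
sample_output Trial | require_license_group Forwarder || echo "not on Forwarder license"
sample_output Forwarder | require_license_group Forwarder && echo "Forwarder license active"
```

In a real deployment the input would be the CLI output taken from the running hforwarder container (for example through docker exec) instead of sample_output.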