Hi,
To Install UF into docker, I followed the below steps.
1) docker pull splunk/universalforwarder:latest
2) docker run -d -p 9997:9997 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=" --name uf splunk/universalforwarder:latest
3) When I ran docker ps --> status is healthy
4) But I am not able to start/stop splunk --> In /opt/splunk/bin --> I am not finding any script for splunk start and stop.
That just meansll
doesn't exist. Please do some more troubleshooting or provide steps of what you've done so far, as mentioned it works fine on my instance.
The correct directory on a UF is /opt/splunkforwarder/
, you can use .bin/splunk start
from there. Keep in mind the default user is ansible
when logging in with docker exec -it uf /bin/bash
, that user has restricted rights.
Hi,
I am not able to restart splunk neither in /opt/splunkforwarder/bin or /opt/splunkforwarder --> getting error no such file or directory.
Am I missing some installation? only below lines are sufficient to install splunk UF?
1) docker pull splunk/universalforwarder:latest
2) docker run -d -p 9997:9997 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=" --name uf splunk/universalforwarder:latest
Are you actually setting a password and are you in the Docker container? Both commands work fine for me, granted I setSPLUNK_PASSWORD=password
to get started, otherwise it won't work.
Its just VM so I set it as password.
And you are in the actual container and not in your VM? use the Docker exec command from above.
I gave the docker exec command. Getting below screenshot.
Yes I have set the password. Please find the below screenshot .