Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

UF installation in docker

VijaySrrie
Builder
‎05-28-2020 02:40 AM

Hi,

To Install UF into docker, I followed the below steps.

1) docker pull splunk/universalforwarder:latest
2) docker run -d -p 9997:9997 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=" --name uf splunk/universalforwarder:latest

3) When I ran docker ps --> status is healthy
4) But I am not able to start/stop splunk --> In /opt/splunk/bin --> I am not finding any script for splunk start and stop.

Tags (1)
0 Karma
Reply

VijaySrrie
Builder
‎05-28-2020 05:27 AM

alt text

Preview file
1 KB
0 Karma
Reply

Patrick_Peeters
Splunk Employee
Splunk Employee
‎05-28-2020 05:36 AM

That just meanslldoesn't exist. Please do some more troubleshooting or provide steps of what you've done so far, as mentioned it works fine on my instance.

0 Karma
Reply

VijaySrrie
Builder
‎05-28-2020 05:11 AM

alt text

Preview file
1 KB
0 Karma
Reply

Patrick_Peeters
Splunk Employee
Splunk Employee
‎05-28-2020 03:19 AM

The correct directory on a UF is /opt/splunkforwarder/, you can use .bin/splunk start from there. Keep in mind the default user is ansible when logging in with docker exec -it uf /bin/bash, that user has restricted rights.

0 Karma
Reply

VijaySrrie
Builder
‎05-28-2020 05:03 AM

Hi,

I am not able to restart splunk neither in /opt/splunkforwarder/bin or /opt/splunkforwarder --> getting error no such file or directory.

Am I missing some installation? only below lines are sufficient to install splunk UF?

1) docker pull splunk/universalforwarder:latest
2) docker run -d -p 9997:9997 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=" --name uf splunk/universalforwarder:latest

0 Karma
Reply

Patrick_Peeters
Splunk Employee
Splunk Employee
‎05-28-2020 05:12 AM

Are you actually setting a password and are you in the Docker container? Both commands work fine for me, granted I setSPLUNK_PASSWORD=password to get started, otherwise it won't work.

0 Karma
Reply

VijaySrrie
Builder
‎05-28-2020 05:21 AM

Its just VM so I set it as password.

0 Karma
Reply

Patrick_Peeters
Splunk Employee
Splunk Employee
‎05-28-2020 05:23 AM

And you are in the actual container and not in your VM? use the Docker exec command from above.

0 Karma
Reply

VijaySrrie
Builder
‎05-28-2020 05:27 AM

I gave the docker exec command. Getting below screenshot.

0 Karma
Reply

VijaySrrie
Builder
‎05-28-2020 05:23 AM

Yes I have set the password. Please find the below screenshot .

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...