docker-compose.yml:
version: '3.9'
services:
  splunk:
    image: splunk/splunk:latest
    environment:
      - SPLUNK_START_ARGS='--accept-license'
      - SPLUNK_PASSWORD='password'
    ports:
      - 8000:8000
Running docker-compose up, I am unable to pass the Ansible task:
TASK [splunk_standalone : Setup global HEC]
fatal: [localhost]: FAILED! => {
"cache_control": "private",
"changed": false,
"connection": "Close",
"content_length": "130",
"content_type": "text/xml; charset=UTF-8",
"date": "Sun, 20 Jun 2021 02:30:20 GMT",
"elapsed": 0,
"redirected": false,
"server": "Splunkd",
"status": 401,
"url": "https://127.0.0.1:8089/services/data/inputs/http/http",
"vary": "Cookie, Authorization",
"www_authenticate": "Basic realm=\"/splunk\"",
"x_content_type_options": "nosniff",
"x_frame_options": "SAMEORIGIN"
}
MSG:
Status code was 401 and not [200]: HTTP Error 401: Unauthorized
However, running without docker-compose, i.e.
docker run -it -e "ANSIBLE_EXTRA_FLAGS=-vv" -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_PASSWORD=password splunk/splunk:latest
would have no issue.
Would anyone be able to provide any clues as to what might be the issue?
Reviving a dead post here, as I'm encountering the same issue as the OP. Splunk will work with the docker command, but when I attempt with compose I get the same error.
docker-compose.yml
Error:
Docker uses the /var filesystem to store and cache images, data, etc. Since /var is typically owned by root, any container running needs read/write access to /var (or at least /var/lib/docker, e.g.), which the Splunk user generally does not have. The quickest fix is to grant sudo to your Splunk user.
Generally you will also need to create a Docker volume so that Splunk can have storage to create a virtual /opt/splunk directory within the container.
Some good documentation on that here:
https://splunk.github.io/docker-splunk/STORAGE_OPTIONS.html
Do you have a Splunk server listening on the URL in the error message?
https://127.0.0.1:8089/services/data/inputs/http/http
I found this when the targetUri for the UF was not being correctly configured.
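The two invocations posted in this thread do not hand the container identical values, which is worth ruling out when one authenticates and the other returns 401. This is an added example, not code from any poster or from Splunk; it assumes the shell's quote removal can be modelled with Python's shlex and that Compose treats a list-form entry as a plain string split on the first "=", and the thread itself does not establish that this is the cause.

```python
import shlex

# The two invocations, copied from the first post in this thread.
DOCKER_RUN = ('docker run -it -e "ANSIBLE_EXTRA_FLAGS=-vv" '
              '-e SPLUNK_START_ARGS=--accept-license '
              '-e SPLUNK_PASSWORD=password splunk/splunk:latest')
COMPOSE_ENV = ["SPLUNK_START_ARGS='--accept-license'",
               "SPLUNK_PASSWORD='password'"]


def env_from_docker_run(cmdline):
    """Values as the container receives them: the shell strips quoting
    before docker sees each -e argument."""
    argv = shlex.split(cmdline)
    env = {}
    for i, arg in enumerate(argv):
        if arg == "-e" and i + 1 < len(argv):
            key, _, value = argv[i + 1].partition("=")
            env[key] = value
    return env


def env_from_compose_list(entries):
    """List-form entries are plain YAML strings. Assumption: Compose splits
    on the first '=' and does no shell-style unquoting, so any quote
    characters remain part of the value."""
    return dict(entry.split("=", 1) for entry in entries)


def compare(run_env, compose_env):
    """Return {key: (docker_run_value, compose_value)} where values differ."""
    shared = run_env.keys() & compose_env.keys()
    return {k: (run_env[k], compose_env[k])
            for k in shared if run_env[k] != compose_env[k]}


if __name__ == "__main__":
    diffs = compare(env_from_docker_run(DOCKER_RUN),
                    env_from_compose_list(COMPOSE_ENV))
    for key, (run_value, compose_value) in sorted(diffs.items()):
        print(f"{key}: docker run -> {run_value!r}, compose -> {compose_value!r}")
```

Inside the running container, `docker exec <container> env` shows the values actually received, which confirms or rules out the difference.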