this is me docker-compose file to deployment splunk cluster,the server is a deployment server and master server,the indexer* is indexer cluster
version: '3.4'
services:
server:
image: splunk/splunk:7.0.0
hostname: splunkserver
environment:
- SPLUNK_START_ARGS=--accept-license --answer-yes
- SPLUNK_ENABLE_DEPLOY_SERVER=true
- SPLUNK_ENABLE_LISTEN=9997
- SPLUNK_CMD_1=edit cluster-config -mode master -replication_factor 2 -search_factor 2 -secret admin -cluster_label swarm -auth admin:changeme
- SPLUNK_CMD_2=set servername splunk-server -auth admin:changeme
- SPLUNK_CMD_3=restart
ports:
- 8000:8000/tcp
- 8088:8088/tcp
networks:
splunk:
aliases:
- splunkserver
volumes:
- /opt/splunk/var:/opt/splunk/var:rw
- /opt/splunk/etc:/opt/splunk/etc:rw
- /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro
deploy:
mode: replicated
replicas: 1
update_config:
parallelism: 1
delay: 10s
placement:
constraints:
- node.hostname == Docker-Swarm-Splunk
logging:
driver: json-file
options:
max-file: '3'
max-size: 100m
indexer01:
image: splunk/splunk:7.0.0
hostname: indexer01
environment:
- SPLUNK_START_ARGS=--accept-license --answer-yes
- SPLUNK_ENABLE_LISTEN=9997
- SPLUNK_DEPLOYMENT_SERVER=splunkserver:8089
- SPLUNK_CMD_1=disable webserver -auth admin:changeme
- SPLUNK_CMD_2=edit cluster-config -mode slave -master_uri https://splunkserver:8089 -replication_port 9887 -secret admin -auth admin:changeme
- SPLUNK_CMD_3=set servername indexer01 -auth admin:changeme
- SPLUNK_CMD_4=edit licenser-localslave -master_uri 'https://splunkserver:8089' -auth admin:changeme
- SPLUNK_CMD_5=restart
networks:
splunk:
aliases:
- indexer01
depends_on:
- splunkserver
volumes:
- /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro
- /opt/splunk/var:/opt/splunk/var:rw
- /opt/splunk/etc:/opt/splunk/etc:rw
deploy:
mode: replicated
replicas: 0
update_config:
parallelism: 1
delay: 10s
placement:
constraints:
- node.hostname == Docker-Swarm-Indexer01
logging:
driver: json-file
options:
max-file: '3'
max-size: 100m
indexer02:
image: splunk/splunk:7.0.0
hostname: indexer02
environment:
- SPLUNK_START_ARGS=--accept-license --answer-yes
- SPLUNK_ENABLE_LISTEN=9997
- SPLUNK_DEPLOYMENT_SERVER=splunkserver:8089
- SPLUNK_CMD_1=disable webserver -auth admin:changeme
- SPLUNK_CMD_2=edit cluster-config -mode slave -master_uri https://splunkserver:8089 -replication_port 9887 -secret admin -auth admin:changeme
- SPLUNK_CMD_3=set servername indexer02 -auth admin:changeme
- SPLUNK_CMD_4=edit licenser-localslave -master_uri 'https://splunkserver:8089'
- SPLUNK_CMD_5=restart
networks:
splunk:
aliases:
- indexer02
depends_on:
- splunkserver
volumes:
- /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro
- /opt/splunk/var:/opt/splunk/var:rw
- /opt/splunk/etc:/opt/splunk/etc:rw
deploy:
mode: replicated
replicas: 0
update_config:
parallelism: 1
delay: 10s
placement:
constraints:
- node.hostname == Docker-Swarm-Indexer02
logging:
driver: json-file
options:
max-file: '3'
max-size: 100m
networks:
splunk:
external: true
and my universalforwarder docker-compose is
version: '3.4'
services:
uf:
image: splunk/universalforwarder:7.0.0
networks:
splunk:
aliases:
- universalforwarder
volumes:
- /opt/universalforwarder/etc:/opt/splunk/etc
- /opt/universalforwarder/var:/opt/splunk/var
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- SPLUNK_START_ARGS=--accept-license --answer-yes
- SPLUNK_DEPLOYMENT_SERVER=splunkserver:8089
- SPLUNK_FORWARD_SERVER_1=indexer01:9997
- SPLUNK_FORWARD_SERVER_2=indexer02:9997
deploy:
mode: replicated
replicas: 1
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: any
resources:
limits:
cpus: '0.1'
memory: 100M
reservations:
cpus: '0.05'
memory: 20M
placement:
constraints:
- node.hostname == Docker-Swarm-M01
logging:
driver: json-file
options:
max-file: '3'
max-size: 100m
networks:
splunk:
external: true
when I add a http data input on my deployment server ,the universalforwarder will download the app,but not listen the 8088 port,what can I do for it