This repository provides a Docker-based Splunk lab environment that simulates a real-world distributed enterprise architecture.
It brings together multiple modular labs into a single, cohesive setup, allowing you to see how core Splunk components work together in a production-like environment.
The project is designed for hands-on learning, architecture understanding, and certification preparation, with a focus on practical, real-world scenarios.
This repository includes the following modular Splunk environments:
Simulates a fully functional Splunk Indexer Cluster, including a Cluster Manager and multiple indexers for data replication and search availability.
Demonstrates a Search Head Cluster (SHC) setup, including captain election and centralized knowledge object and app deployment.
Models application deployment and data forwarding workflows using a Deployment Server and multiple Universal Forwarders.
Focuses on data ingestion, parsing, and forwarding, including load balancing into an Indexer Cluster.
Shows how centralized licensing is managed and distributed across Splunk components in a distributed environment.
Provides a centralized monitoring solution for visibility into the health and performance of the entire Splunk deployment.
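One way to verify that the lab's indexer cluster and search head cluster actually came up the way the descriptions above say they should (replication and search factors met, all peers up, exactly one SHC captain elected), as an added example that is not part of this repository. The REST endpoint paths, the JSON field names, the hostnames and the sample payloads are the author's assumptions, constructed so the checks run offline; `fetch_json` is only needed when pointing the checks at a live lab instance.

```python
"""Topology health checks for a distributed Splunk lab (added example).

The endpoint names and JSON fields follow the Splunk cluster/shcluster REST API
as the author understands them (assumption). The SAMPLE_* payloads are
constructed stand-ins for output_mode=json responses so the checks run offline.
"""
import json
import ssl
import urllib.request

# Constructed sample responses: a 3-peer indexer cluster with one peer down.
SAMPLE_CLUSTER_INFO = {"entry": [{"content": {
    "replication_factor": 2, "search_factor": 2,
    "service_ready_flag": True, "indexing_ready_flag": True,
    "maintenance_mode": False}}]}
SAMPLE_CLUSTER_HEALTH = {"entry": [{"content": {
    "all_peers_are_up": False, "replication_factor_met": True,
    "search_factor_met": False}}]}
SAMPLE_PEERS = {"entry": [
    {"name": "idx1", "content": {"label": "idx1", "status": "Up"}},
    {"name": "idx2", "content": {"label": "idx2", "status": "Up"}},
    {"name": "idx3", "content": {"label": "idx3", "status": "Down"}},
]}
# Constructed sample: a healthy 3-member search head cluster.
SAMPLE_SHC_MEMBERS = {"entry": [
    {"name": "sh1", "content": {"label": "sh1", "status": "Up", "is_captain": True}},
    {"name": "sh2", "content": {"label": "sh2", "status": "Up", "is_captain": False}},
    {"name": "sh3", "content": {"label": "sh3", "status": "Up", "is_captain": False}},
]}


def _content(resp):
    """Content dict of the first entry in a Splunk REST JSON response."""
    return resp["entry"][0]["content"]


def check_indexer_cluster(info, health, peers):
    """Return findings for the indexer cluster; an empty list means healthy."""
    findings = []
    c, h = _content(info), _content(health)
    if c.get("maintenance_mode"):
        findings.append("cluster manager is in maintenance mode")
    if not c.get("service_ready_flag"):
        findings.append("cluster manager reports service not ready")
    if not c.get("indexing_ready_flag"):
        findings.append("cluster manager reports indexing not ready")
    if not h.get("replication_factor_met"):
        findings.append(f"replication factor {c.get('replication_factor')} not met")
    if not h.get("search_factor_met"):
        findings.append(f"search factor {c.get('search_factor')} not met")
    down = [e["content"]["label"] for e in peers["entry"]
            if e["content"].get("status") != "Up"]
    if down:
        findings.append("peers not Up: " + ", ".join(sorted(down)))
    # With fewer live peers than the replication factor, new buckets cannot
    # reach the configured copy count at all.
    live = len(peers["entry"]) - len(down)
    if live < c.get("replication_factor", 0):
        findings.append(f"only {live} live peers for replication factor "
                        f"{c.get('replication_factor')}")
    return findings


def check_search_head_cluster(members):
    """Return findings for the SHC: exactly one captain, every member Up."""
    findings = []
    captains = sorted(e["content"]["label"] for e in members["entry"]
                      if e["content"].get("is_captain"))
    if len(captains) != 1:
        findings.append(f"expected exactly 1 captain, found {len(captains)}: "
                        + ", ".join(captains))
    down = sorted(e["content"]["label"] for e in members["entry"]
                  if e["content"].get("status") != "Up")
    if down:
        findings.append("members not Up: " + ", ".join(down))
    return findings


def fetch_json(base_url, endpoint, token, cafile):
    """Fetch one management endpoint from a live instance (assumed paths, e.g.
    base_url='https://cm.lab:8089', endpoint='/services/cluster/master/info').
    cafile is the lab's CA certificate, so the self-signed lab cert is verified
    rather than ignored."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(f"{base_url}{endpoint}?output_mode=json",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for name, findings in [
        ("indexer cluster", check_indexer_cluster(
            SAMPLE_CLUSTER_INFO, SAMPLE_CLUSTER_HEALTH, SAMPLE_PEERS)),
        ("search head cluster", check_search_head_cluster(SAMPLE_SHC_MEMBERS)),
    ]:
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Run against the lab by replacing the SAMPLE_* dicts with `fetch_json` calls to the cluster manager (`/services/cluster/master/info`, `/services/cluster/master/health`, `/services/cluster/master/peers`) and to any SHC member (`/services/shcluster/captain/members`); a non-empty findings list is the signal that the environment is not in the state the lab descriptions assume.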