Skip to content
/ docker-splunk-hec Public

The HTTP Event Collector (HEC) lets you send data and application events to a Splunk deployment over the HTTP and Secure HTTP (HTTPS) protocols

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sonnyyu/docker-splunk-hec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
splunk
splunk
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Install software

git clone https://github.com/sonnyyu/docker-splunk-hec
cd docker-splunk-hec

Get Server Certificate "server.pem"

Use mtls-cert-manage generate server/client/ca certificate

https://github.com/sonnyyu/mtls-cert-manage

Copy Certificate from mtls-cert-manage

cd ~/mtls-cert-manage/pki/splunkcerts
cp ca.crt server.pem ~/docker-splunk-hec/splunk/certs
sudo cp 192.168.1.204.pem 192.168.1.204.key ~/docker-splunk-hec/splunk/webcerts

Build Splunk docker image

docker-compose build

Getting Splunk started

docker-compose up -d

Quit

docker-compose down

Quit and remove Volume

docker-compose down -v

Test web interface

curl -k https://192.168.1.204:8000

Test web interface with ca

cd ~/docker-splunk-hec/splunk/certs
curl --cacert ca.crt https://192.168.1.204:8000

Import CA certificate at PC

Install certificate

sudo apt-get install -y ca-certificates
cd ~/docker-splunk-hec/splunk/certs
sudo cp ca.crt /usr/local/share/ca-certificates
sudo update-ca-certificates

Test web interface

curl https://192.168.1.204:8000

Open Splunk from Browser

https://192.168.1.204:8000

Testing splunk-hec allows curl to proceed and operate even for server connections otherwise considered insecure

curl -k "https://192.168.1.204:8088/services/collector" \
    -H "Authorization: Splunk 3f066d2a-c871-4800-87fc-e6be5fa69f1b" \
    -d '{"event": "Hello, world!", "sourcetype": "manual"}'

Testing splunk-hec by add the CA cert for your server to the existing default CA certificate store (CURL)

cd ~/docker-splunk-hec/splunk/certs
curl --cacert ca.crt  "https://192.168.1.204:8088/services/collector" \
-H "Authorization: Splunk 3f066d2a-c871-4800-87fc-e6be5fa69f1b" \
-d '{"event": "Hello, world!", "sourcetype": "manual"}'

Testing splunk-hec after install ca.crt into CA certificate store (OS)

curl  "https://192.168.1.204:8088/services/collector" \
    -H "Authorization: Splunk 3f066d2a-c871-4800-87fc-e6be5fa69f1b" \
    -d '{"event": "Hello, world!", "sourcetype": "manual"}'

Generate Universally Unique Identifiers (UUIDs) with uuidgen

sudo apt update
sudo apt install uuid-runtime
uuidgen
Output
4c061a62-deae-49da-bdbe-6a4aad67d5f9

Update Universally Unique Identifiers (UUIDs)

nano ~/docker-splunk-hec/splunk/inputs.conf

About

The HTTP Event Collector (HEC) lets you send data and application events to a Splunk deployment over the HTTP and Secure HTTP (HTTPS) protocols

Topics

docker dockerfile docker-compose splunk hec http-event-collector

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages