@jmervine
Last active March 29, 2021 19:46
Simple script to start and seed a local Splunk instance using Docker
#!/usr/bin/env bash
# Simple script to start and seed a local Splunk instance using Docker.
# Usage:
#   $ bash splunk.sh [PASSWORD] [HEC TOKEN]
#
# Both arguments are optional; weak defaults are used when they are omitted,
# and the values in use are printed at the end of the run.
PASSWORD="$1"
TOKEN="$2"
test -z "$PASSWORD" && PASSWORD=password
test -z "$TOKEN" && TOKEN=token

if ! curl http://localhost:8000/en-US/account/login &>/dev/null; then
  # Write the defaults file that the splunk/splunk image reads from
  # /tmp/defaults/default.yml. Indentation matters: the keys below belong
  # under "splunk:" and "hec:" respectively.
  cat << EOF > "$(pwd)/default.yml"
---
splunk:
  password: ${PASSWORD}
  hec:
    enable: True
    ssl: False
    port: 8088
    token: ${TOKEN}
EOF

  docker run --name splunk --rm -d \
    -p 8000:8000 -p 8089:8089 -p 8088:8088 \
    -e "SPLUNK_START_ARGS=--accept-license" \
    --mount type=bind,source="$(pwd)"/default.yml,target=/tmp/defaults/default.yml \
    splunk/splunk:latest

  echo "------ "
  echo "== Waiting for Splunk to start, this might take a minute."
  while ! curl http://localhost:8000/en-US/account/login &>/dev/null; do
    printf "."
    sleep 1
  done
  echo " "
  echo "== Splunk started with"
else
  echo "== Splunk already running, assuming"
  # Reuse the credentials from the defaults file written by a previous run.
  if test -f default.yml; then
    PASSWORD="$(awk '/password:/ { print $NF }' default.yml)"
    TOKEN="$(awk '/token:/ { print $NF }' default.yml)"
  fi
fi

echo "--> PASSWORD: ${PASSWORD}"
echo "--> HEC TOKEN: ${TOKEN}"
echo " "

# Batch id used to tag this run's events. "md5" exists on macOS; fall back
# to md5sum on Linux.
batch_id=$(date | md5 2>/dev/null || date | md5sum | awk '{ print $1 }')
echo "== Seeding Splunk events (id=$batch_id)..."
for n in $(seq 1 100); do
  sleep .25
  event="[$(date)] id=$batch_id event=$n"
  # HEC answers {"text":"Success","code":0} when the event is accepted.
  if ( curl -s -S -H "Authorization: Splunk ${TOKEN}" \
      http://localhost:8088/services/collector/event \
      -d "{\"event\": \"${event}\"}" | grep Success ) &> /dev/null
  then
    printf "."
  else
    printf "x"
  fi
done
echo " "
echo "== Seeded batch 'id=${batch_id}'"
echo "---"
echo "Example query:"
echo " "
echo "search index=main sourcetype=httpevent id=${batch_id}"
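The seeding loop above builds its HEC payload by string interpolation and treats any reply containing the word "Success" as acceptance, which breaks on event text containing quotes or backslashes and cannot distinguish the HEC reply codes. The following is an added example, not part of the gist, that builds the payload with JSON escaping and checks the collector's numeric "code" field; the function names, HEC_URL and the default "httpevent" sourcetype are assumptions, while TOKEN and the endpoint come from the script.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): safe HEC payloads and reply checking.

# Escape a string for use inside a JSON string literal. Handles the two
# characters that commonly appear in log lines, backslash and double quote;
# multi-line events are out of scope for this helper.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the /services/collector/event payload.
# $1 = event text, $2 = sourcetype (default "httpevent", assumed),
# $3 = epoch seconds (default: now). Emits one JSON object on stdout.
hec_payload() {
  local event="$1" sourcetype="${2:-httpevent}" ts="${3:-$(date +%s)}"
  printf '{"time": %s, "sourcetype": "%s", "event": "%s"}' \
    "$ts" "$(json_escape "$sourcetype")" "$(json_escape "$event")"
}

# Extract the numeric "code" from a HEC reply such as
# {"text":"Success","code":0}. Prints the code (or "unknown") and
# returns success only when the code is 0.
hec_reply_code() {
  local code
  code=$(printf '%s' "$1" | sed -n 's/.*"code":[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  printf '%s' "${code:-unknown}"
  [ "$code" = "0" ]
}

# Send one event with the gist's TOKEN; HEC_URL is an assumed override
# for the endpoint the script uses. Exit status reflects the HEC code.
hec_send() {
  local reply
  reply=$(curl -s -S -H "Authorization: Splunk ${TOKEN}" \
    "${HEC_URL:-http://localhost:8088/services/collector/event}" \
    -d "$(hec_payload "$1" "${2:-httpevent}")")
  hec_reply_code "$reply"
}
```

In the seeding loop, replacing the curl-and-grep with `hec_send "$event"` makes the "x" marks correspond to a non-zero HEC code (for example an invalid token) rather than to any reply that happens not to contain "Success".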