@kordless
Forked from replay/splunk_install.sh
Last active August 29, 2015 14:08
This is the StackMonkey demo script for Splunk. Demos can be found here: https://www.stackmonkey.com/demo/
{
  "image": {
    "url": "http://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img",
    "name": "Ubuntu Trusty",
    "container_format": "bare",
    "disk_format": "qcow2"
  },
  "callback_url": "",
  "ssh_keys": [
    ""
  ],
  "post_create": [
    "#cloud-config",
    "hostname: splunk-demo",
    "manage_etc_hosts: true",
    "runcmd:",
    " - [ wget, 'https://gist.githubusercontent.com/kordless/6baffe9a468b7653fcfa/raw/splunk_install.sh', -O, /tmp/install.sh ]",
    " - chmod 755 /tmp/install.sh",
    " - /tmp/install.sh"
  ]
}

Splunk Demo Installer

This is the demo launcher for Splunk used by StackMonkey. This URL is used by the demo:

https://gist.githubusercontent.com/kordless/6baffe9a468b7653fcfa/raw/splunk_install.sh

If you would like to start a Splunk instance from the launcher, you will need to fork this gist and then use a URL for it that looks like this:

https://gist.githubusercontent.com/kordless/6baffe9a468b7653fcfa/raw/splunk.json

Be sure to put your SSH key in the first ssh_keys array string after you fork the gist!

#!/bin/bash
# Make sure only root can run our script
if [ "$(id -u)" != "0" ]; then
    echo "You need to be 'root' dude." 1>&2
    exit 1
fi
clear
echo;
echo "##########################################################################################
This script is installing and configuring Splunk for demo purposes.
##########################################################################################
";
echo;
# download from AWS because splunk's servers are stupid slow
# NOTE: fetched over plain HTTP with no checksum; the tarball is unpacked and run as root
wget -O splunk-6.2.0-237341-Linux-x86_64.tgz 'http://stackgeek.s3.amazonaws.com/splunk-6.2.0-237341-Linux-x86_64.tgz'
# extract, move, cleanup
tar xvfz splunk-6.2.0-237341-Linux-x86_64.tgz
mv splunk /opt/splunk
# remove the tarball that was downloaded above
rm splunk-6.2.0-237341-Linux-x86_64.tgz
# whack on inputs.conf file (monitor everything under /var/log/)
echo "
[monitor:///var/log/]
disabled = false
followTail = 0
" >> /opt/splunk/etc/apps/launcher/default/inputs.conf
# auto start splunk on boot
/opt/splunk/bin/splunk enable boot-start --accept-license
# start splunk
/opt/splunk/bin/splunk start --accept-license
# update the meta data on the pool directly
# /etc/utterio is sourced to provide MY_POOL_API_ADDRESS
. /etc/utterio
curl -X PUT -d '{"splunk": "installed"}' "$MY_POOL_API_ADDRESS"
echo;
echo "##########################################################################################
Splunk setup complete.
##########################################################################################
";
echo;
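
The installer above downloads the Splunk tarball over plain HTTP and unpacks it as root without checking it. One way to pin the download to a known SHA-256 before it is used, as an added example that is not part of the original gist: `verify_sha256`, `fetch_verified` and `SPLUNK_TGZ_SHA256` are hypothetical names, the digest is a placeholder to be recorded from a copy you trust, and GNU `sha256sum` is assumed to be available.

```shell
#!/bin/bash
# Added example (not from the gist): pin a download to a known SHA-256.

# verify_sha256 FILE EXPECTED_HEX -> returns 0 only if FILE's digest matches.
verify_sha256() {
    local file expected actual
    file="$1"; expected="$2"
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Require exactly 64 hex characters so an empty or placeholder
    # value can never be accepted.
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "malformed pinned digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed pinned digest" >&2; return 2; }
    # Compare in lower case; sha256sum prints lower-case hex.
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    actual="$(sha256sum "$file" | awk '{print $1}')"
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file (got $actual)" >&2
        return 1
    fi
    return 0
}

# fetch_verified URL DEST EXPECTED_HEX
# Download to a temporary file, verify it, and only then move it into
# place, so a rejected download never sits at DEST.
fetch_verified() {
    local url dest expected tmp
    url="$1"; dest="$2"; expected="$3"
    tmp="$(mktemp "${dest}.XXXXXX")" || return 2
    if wget -q -O "$tmp" "$url" && verify_sha256 "$tmp" "$expected"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# How the installer's wget line would change (placeholder digest):
#   SPLUNK_TGZ_SHA256='<sha256 recorded from a trusted copy of the tarball>'
#   fetch_verified 'http://stackgeek.s3.amazonaws.com/splunk-6.2.0-237341-Linux-x86_64.tgz' \
#       splunk-6.2.0-237341-Linux-x86_64.tgz "$SPLUNK_TGZ_SHA256" || exit 1
```

The same check applies to `/tmp/install.sh` fetched by the cloud-config `runcmd`, since that script is also executed as root.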