Skip to content
This repository was archived by the owner on Jan 15, 2025. It is now read-only.

dd-Splunk/Oasis

1 Branch0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

dd-Splunkdd-Splunk
Rolling restart implemented
Aug 28, 2017
a72520b · Aug 28, 2017

History

44 Commits
apps/TA-oasis-test
apps/TA-oasis-test
Jul 27, 2017
.gitignore
.gitignore
Aug 24, 2017
README.md
README.md
Aug 28, 2017
deploy.sh
deploy.sh
Aug 28, 2017
forwarder_outputs.conf
forwarder_outputs.conf
Aug 24, 2017
indexes.conf
indexes.conf
Jul 27, 2017
master_server.conf
master_server.conf
Aug 25, 2017
search_head_outputs.conf
search_head_outputs.conf
Aug 24, 2017
serverclass.conf
serverclass.conf
Aug 24, 2017

Repository files navigation

Oasis

Will build a Splunk single site cluster using Docker with:

  • 1 License server
  • 1 Deployment server
  • 3 Search Heads
  • 1 Master node
  • x Indexing peers depending on the Search Factor ($SF) and Replication Factor ($RF)
  • $UF Universal forwarders
  • $HF Heavy forwarder

As this is an enterprise deployment a valid Splunk Enterprise license must be provided in the file "enterprise.lic".

Example applications are deployed using both the Deployment server for the Universal and Heavy forwarders, but also onto the Master node to distribute onto each individual Indexing peers.

Indexer discovery is enabled

The License server acts as Monitoring Console

!!! This is CPU intensive, with 2 Cores - 4 vCPU / 12GB RAM, I have unpredictable results. 3 Cores - 6 vCPU / 16GB RAM is fine

To Do

Disable indexing on the master node and the monitoring console instance

Use maintenance mode before properly restarting peers

About

Splunk cluster in a box using Docker

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages