Splunk offers a 60-day Enterprise license for free. After that you either have to switch to the free version, pay for a license, or reinstall Splunk entirely.
As a developer, I would certainly love to use the Enterprise license, but I can't afford to buy it. My only solution is to reinstall Splunk from scratch. But no, I would lose all my searches and have to set everything up again. I don't need the data ingestion, but I need to keep my searches and my settings. I'm looking for a simple solution that keeps all my settings after I reset.
I see that Splunk offers a Docker version, so why not use it? You just need to re-create the container. I did some research and I know there are some folders I can keep persistent after the reset.
I finally came up with this docker-compose.yml file:
version: '3'
services:
  splunk:
    image: splunk/splunk:9.0
    hostname: "splunk"
    container_name: "splunk"
    restart: always
    networks:
      # we need to create this network first
      - lan-docker
    volumes:
      # bind mounts on the host survive re-creating the container
      - ./data:/data
      - ./data/etc.apps/apps:/opt/splunk/etc/apps
      - ./data/etc.users:/opt/splunk/etc/users
      # single-file mount: the host file must already exist
      - ./data/etc.system/local/alert_actions.conf:/opt/splunk/etc/system/local/alert_actions.conf
    ports:
      # web UI is published on the loopback interface only
      - 127.0.0.1:8001:8000
    environment:
      TZ: "America/New_York"
      SPLUNK_START_ARGS: "--accept-license"
      # placeholder: set your own admin password
      SPLUNK_PASSWORD: "your-password-here"
networks:
  lan-docker:
    external: true
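I created this file; whenever my license expires, I just need to run this: run.sh
#!/bin/sh
# stop and remove the old container; the bind-mounted folders stay on the host
sudo docker stop splunk
sudo docker container rm splunk
echo "starting"
# re-create the container from docker-compose.yml
sudo docker-compose up -d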
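A pre-flight check for the compose file above, as an added example that is not part of the original post: it creates the host-side bind-mount paths and the external `lan-docker` network before the first `docker-compose up`. The script name `preflight.sh`, the function names and the `--run` switch are assumptions made for this example; the paths and network name are copied from the compose file.

```shell
#!/bin/sh
# Added example (not from the original post). Pre-flight for the compose file:
# the paths and the network name below are the ones that file uses.

# Create the host directories and the single bind-mounted file.
# If the host file is missing, Docker creates a directory with that name
# instead, and the mount onto alert_actions.conf then fails.
prepare_persist_dirs() {
    base="${1:-.}"
    conf="$base/data/etc.system/local/alert_actions.conf"
    mkdir -p "$base/data/etc.apps/apps" \
             "$base/data/etc.users" \
             "$base/data/etc.system/local" || return 1
    if [ -d "$conf" ]; then
        echo "error: $conf is a directory; remove it and re-run" >&2
        return 1
    fi
    # Keep an existing file untouched; create an empty one otherwise.
    [ -f "$conf" ] || : > "$conf"
}

# Create the external network only when it does not exist yet.
ensure_network() {
    net="${1:-lan-docker}"
    docker network inspect "$net" >/dev/null 2>&1 || docker network create "$net"
}

# Hypothetical switch: run both steps only when called as
#   sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    prepare_persist_dirs . && ensure_network lan-docker
fi
```

Run it once from the directory that holds docker-compose.yml; later runs leave existing files and the existing network as they are.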