diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 5c9a034..48edb76 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -14,7 +14,7 @@ If you experience problems or see unexpected behavior with this project, create
0. Version of this project you're using (ex: 1.5.0)
0. Platform version (ex: Windows Server 2012 R2)
-0. Splunk version (ex: 7.0.2)
+0. Splunk version (ex: 7.1.2)
0. Other relevant information (ex: local/remote environment, Splunk network configuration)
Alternatively, if you have a Splunk question please ask on [Splunk Answers][answers].
diff --git a/enterprise/Dockerfile b/enterprise/Dockerfile
index 78aa03b..7549d96 100644
--- a/enterprise/Dockerfile
+++ b/enterprise/Dockerfile
@@ -1,10 +1,11 @@
FROM debian:jessie
ENV SPLUNK_PRODUCT splunk
-ENV SPLUNK_VERSION 7.0.2
-ENV SPLUNK_BUILD 03bbabbd5c0f
+ENV SPLUNK_VERSION 7.1.2
+ENV SPLUNK_BUILD a0c72a66db66
ENV SPLUNK_FILENAME splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-x86_64.tgz
+
ENV SPLUNK_HOME /opt/splunk
ENV SPLUNK_GROUP splunk
ENV SPLUNK_USER splunk
diff --git a/enterprise/README.md b/enterprise/README.md
index 27f4620..d117dda 100644
--- a/enterprise/README.md
+++ b/enterprise/README.md
@@ -1,273 +1,274 @@
-# Supported tags
+ # Supported tags
-* `7.0.2`,`latest`- Splunk Enterprise base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile)
-* `6.5.3-monitor` - Splunk Enterprise with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/enterprise/Dockerfile)
+ * `7.1.2`,`latest`- Splunk Enterprise base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile)
+ * `6.5.3-monitor` - Splunk Enterprise with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/enterprise/Dockerfile)
-# What is Splunk Enterprise?
+ # What is Splunk Enterprise?
-Splunk Enterprise is the platform for operational intelligence. The software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
+ Splunk Enterprise is the platform for operational intelligence. The software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
-This repository contains Dockerfiles that you can use to build [Splunk](https://splunk.com) Docker images.
+ This repository contains Dockerfiles that you can use to build [Splunk](https://splunk.com) Docker images.
-# Get started with the Splunk Enterprise Docker Image
+ # Get started with the Splunk Enterprise Docker Image
-If you have not used Docker before, see the [Getting started tutorial](https://docs.docker.com/mac/started) for Docker.
+ If you have not used Docker before, see the [Getting started tutorial](https://docs.docker.com/mac/started) for Docker.
-0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com).
-0. Download and install Docker on your system.
-0. Open a shell prompt or Terminal window.
-0. Enter the following command to pull the Splunk Enterprise version 7.0.2 image.
-
- ```bash
- docker pull splunk/splunk
- ```
-0. Run the Docker image.
-
- ```bash
- docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" splunk/splunk
- ```
-0. Access the Splunk instance with a browser by using the Docker machine IP address and Splunk Web port. For example, ``http://localhost:8000`
+ 0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com).
+ 0. Download and install Docker on your system.
+ 0. Open a shell prompt or Terminal window.
+ 0. Enter the following command to pull the Splunk Enterprise version 7.1.2 image.
+
+ ```bash
+ docker pull splunk/splunk
+ ```
+ 0. Run the Docker image.
+
+ ```bash
+ docker run -d -e "SPLUNK_START_ARGS=--accept-license --seed-passwd " -e "SPLUNK_USER=root" -p "8000:8000" splunk/splunk
+ ```
+ 0. Find randomly generated admin password in docker logs for this container.
+ 0. Access the Splunk instance with a browser by using the Docker machine IP address and Splunk Web port. For example, ``http://localhost:8000`
-See [How to use the Splunk Enterprise Docker image](#How-to-use-the-Splunk-Enterprise-Docker-image) for additional example commands.
+ See [How to use the Splunk Enterprise Docker image](#How-to-use-the-Splunk-Enterprise-Docker-image) for additional example commands.
-# How to use the Splunk Enterprise Docker image
+ # How to use the Splunk Enterprise Docker image
-The following commands can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X).
+ The following commands can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X).
-### Pull an image for version 7.0.2 of Splunk Enterprise from this repository
+ ### Pull an image for version 7.1.2 of Splunk Enterprise from this repository
-```bash
-docker pull splunk/splunk:7.0.2
-```
+ ```bash
+ docker pull splunk/splunk:7.1.2
+ ```
-### Pull an image that uses the latest version of Splunk Enterprise from this repository
+ ### Pull an image that uses the latest version of Splunk Enterprise from this repository
-```bash
-docker pull splunk/splunk:latest
-```
+ ```bash
+ docker pull splunk/splunk:latest
+ ```
-### Start a Splunk Enterprise container and automatically accept the license agreement
+ ### Start a Splunk Enterprise container and automatically accept the license agreement
-This command starts a Splunk Enterprise instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine.
+ This command starts a Splunk Enterprise instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine.
-```bash
-docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:7.0.2
-```
-### Start a Splunk Enterprise container and mount the necessary container volumes
+ ```bash
+ docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=---accept-license --seed-passwd " splunk/splunk:7.1.2
+ ```
+ ### Start a Splunk Enterprise container and mount the necessary container volumes
-```bash
-docker run --name vsplunk -v /opt/splunk/etc -v /opt/splunk/var busybox
-docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:7.0.2
-```
+ ```bash
+ docker run --name vsplunk -v /opt/splunk/etc -v /opt/splunk/var busybox
+ docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license --seed-passwd " splunk/splunk:7.1.2
+ ```
-> Note:
->
-> When using data volumes containers, docker will provision the image required volumes automatically under /var/lib/docker/volumes/...
->
-> Please, refer to the link for further information: [link to Docker documentation](https://docs.docker.com/engine/tutorials/dockervolumes/#locating-a-volume)
+ > Note:
+ >
+ > When using data volumes containers, docker will provision the image required volumes automatically under /var/lib/docker/volumes/...
+ >
+ > Please, refer to the link for further information: [link to Docker documentation](https://docs.docker.com/engine/tutorials/dockervolumes/#locating-a-volume)
-### Start a Splunk Enterprise container and mount volumes from host
+ ### Start a Splunk Enterprise container and mount volumes from host
-```bash
-docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:7.0.2
-```
+ ```bash
+ docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license --seed-passwd " -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:7.1.2
+ ```
-### Use entrypoint.sh to execute Splunk commands
+ ### Use entrypoint.sh to execute Splunk commands
-You can execute commands in the container by typing in the following command, for example:
+ You can execute commands in the container by typing in the following command, for example:
-```
-docker exec splunk entrypoint.sh splunk version
-```
+ ```
+ docker exec splunk entrypoint.sh splunk version
+ ```
-To learn about the commands you can use with entrypoint.sh, see [Administrative CLI commands](https://docs.splunk.com/Documentation/Splunk/latest/Admin/CLIadmincommands) in the Splunk documentation.
+ To learn about the commands you can use with entrypoint.sh, see [Administrative CLI commands](https://docs.splunk.com/Documentation/Splunk/latest/Admin/CLIadmincommands) in the Splunk documentation.
-You can also use entrypoint.sh to configure Splunk services with environment variables. See [Basic configuration with environment variables](#basic-configuration-with-environment-variables).
+ You can also use entrypoint.sh to configure Splunk services with environment variables. See [Basic configuration with environment variables](#basic-configuration-with-environment-variables).
-# Configure the Splunk Enterprise Docker container with [docker-compose](https://docs.docker.com/compose/)
+ # Configure the Splunk Enterprise Docker container with [docker-compose](https://docs.docker.com/compose/)
-1. At a shell prompt, create a text file `docker-compose.yml` if it does not already exist.
-2. Open `docker-compose.yml` for editing.
-3. Insert the following block of text into the file.
-
-```
-version: '3'
+ 1. At a shell prompt, create a text file `docker-compose.yml` if it does not already exist.
+ 2. Open `docker-compose.yml` for editing.
+ 3. Insert the following block of text into the file.
+
+ ```
+ version: '3'
-volumes:
- opt-splunk-etc:
- opt-splunk-var:
-
-services:
- splunkenterprise:
-
- hostname: splunkenterprise
- image: splunk/splunk:7.0.2
- environment:
- SPLUNK_START_ARGS: --accept-license
- SPLUNK_ENABLE_LISTEN: 9997
- SPLUNK_ADD: tcp 1514
volumes:
- - opt-splunk-etc:/opt/splunk/etc
- - opt-splunk-var:/opt/splunk/var
- ports:
- - "8000:8000"
- - "9997:9997"
- - "8088:8088"
- - "1514:1514"
- ```
-4. Save the file and close it.
-5. Run the `docker-compose` utility in the same directory.
-
- ```
- docker-compose up
- ```
-
-## Configuration
-
-### Image Variants
-
-The `splunk/splunk` image comes in several variants:
-
-`splunk/splunk:7.0.2`
-This is the default Splunk Enterprise image.
-
-`splunk/splunk:6.5.3-monitor`
-This image comes with some data inputs activated (e.g., file monitor of docker host JSON logs, HTTP Event Collector, Syslog, etc.). It also includes the Docker app which has dashboards to help you analyze collected logs and docker information such as stats, events, tops, and inspect from your running images.
-
-### Data Store
-
-This Docker image has two data volumes:
-
-* `/opt/splunk/etc` - stores Splunk configurations, including applications and lookups
-* `/opt/splunk/var` - stores indexed data, logs and internal Splunk data
-
-### User
-
-All Splunk processes by default runs as the `splunk` user. The user can be changed by setting the SPLUNK_USER env variable.
-
-### Ports
-
-This Docker container exposes the following network ports:
-
-* `8000/tcp` - Splunk Web interface
-* `8088/tcp` - HTTP Event Collector
-* `8088/tcp` - Splunk Services
-* `8191/tcp` - Application Key Value Store
-* `9997/tcp` - Splunk receiving Port (not used by default) typically used by the Splunk Universal Forwarder
-* `1514/tcp` - Network Input (not used by default) typically used to collect syslog TCP data
-
-This Docker image uses port 1514 instead of the standard port 514 for the syslog port because network ports below 1024 require root access. See [Run Splunk Enterprise as a different or non-root user](http://docs.splunk.com/Documentation/Splunk/latest/Installation/RunSplunkasadifferentornon-rootuser).
-
-### Hostname
-
-When you use this Docker image, set a `hostname` for it. If you recreate the instance later, the image retains the hostname.
-
-### Basic configuration with Environment Variables
-
-You can use environment variables for basic configuration of the indexer and forwarder. For more advanced configuration, create configuration files within the container or use a Splunk deployment server to deliver configurations to the instance.
-
-- `SPLUNK_ENABLE_DEPLOY_SERVER='true'` - Enables deployment server on Indexer.
-- `SPLUNK_DEPLOYMENT_SERVER=':` - [configure deployment client](http://docs.splunk.com/Documentation/Splunk/latest/Updating/Configuredeploymentclients).
- Set deployment server url.
- - Example: `--env SPLUNK_DEPLOYMENT_SERVER='splunkdeploymentserver:8089'`.
-- `SPLUNK_ENABLE_LISTEN=` - enable [receiving](http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Enableareceiver).
- - Additional configuration is available using `SPLUNK_ENABLE_LISTEN_ARGS`
- environment variable.
-- `SPLUNK_FORWARD_SERVER=:` - [forward](http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Deployanixdfmanually)
- data to indexer.
- - Additional configuration is available using `SPLUNK_FORWARD_SERVER_ARGS`
- environment variable.
- - Additional forwarders can be set up using `SPLUNK_FORWARD_SERVER_<1..30>`
- and `SPLUNK_FORWARD_SERVER_<1..30>_ARGS`.
- - Example: `--env SPLUNK_FORWARD_SERVER='splunkindexer:9997' --env
- SPLUNK_FORWARD_SERVER_ARGS='method clone' --env
- SPLUNK_FORWARD_SERVER_1='splunkindexer2:9997' --env
- SPLUNK_FORWARD_SERVER_1_ARGS='-method clone'`.
-- `SPLUNK_ADD=' '` - execute add command,
- for example to [monitor files](http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesanddirectoriesusingtheCLI)
- or [listen](http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports) on specific ports.
- - Additional add commands can be executed (up to 30) using
- `SPLUNK_ADD_<1..30>`.
- - Example `--env SPLUNK_ADD='udp 1514' --env SPLUNK_ADD_1='monitor /var/log/*'`.
-- `SPLUNK_CMD='any splunk command'` - execute any splunk command.
- - Additional commands can be executed (up to 30) using
- `SPLUNK_CMD_<1..30>`.
- - Example `--env SPLUNK_CMD='edit user admin -password random_password -role
- admin -auth admin:changeme'`.
-
-#### Example
-
-Following is an example of how to configure Splunk Enterprise and the Splunk universal forwarder in Docker.
-
-```
-> echo "Creating docker network, so all containers will see each other"
-> docker network create splunk
-> echo "Starting deployment server for forwarders"
-> docker run -d --net splunk \
- --hostname splunkdeploymentserver \
- --name splunkdeploymentserver \
- --publish 8000 \
- --env SPLUNK_ENABLE_DEPLOY_SERVER=true \
- splunk/splunk
-> echo "Starting Splunk Enterprise"
-> docker run -d --net splunk \
- --hostname splunkenterprise \
- --name splunkenterprise \
- --publish 8000 \
- --env SPLUNK_ENABLE_LISTEN=9997 \
- splunk/splunk
-> echo "Starting forwarder, which forwards data to Splunk"
-> docker run -d --net splunk \
- --name forwarder \
- --hostname forwarder \
- --env SPLUNK_FORWARD_SERVER='splunkenterprise:9997' \
- --env SPLUNK_FORWARD_SERVER_ARGS='-method clone' \
- --env SPLUNK_ADD='udp 1514' \
- --env SPLUNK_DEPLOYMENT_SERVER='splunkdeploymentserver:8089' \
- splunk/universalforwarder
-```
-
-After this script executes, you can forward syslog data to the *udp*
-port of container *forwarder* (for internal containers only, as Splunk
-does not publish the port). Data should arrive in Splunk Enterprise and
-you should see the forwarder registered with the deployment server.
-
-# Troubleshoot problems with the image
-
-## Basic troubleshooting
-
-If you do not see data when you load the Docker Overview app in the Docker app, confirm that:
-
-* You have started the container with the right environment variables. In particular, you must have the proper access control to the mount points to read the default JSON log files that the docker host collects. See [Required Permissions](#required-permissions) for more detail.
-* You have included the necessary volumes for the Docker image.
-* Your Docker container has the correct filesystem permissions.
-
-### Required Permisssions
-The following mount points require special permissions:
-- `/var/lib/docker/containers`: By default, the Docker host only exposes read access to the root user. Read access to the volume could be changed for any users that start the Splunk process.
-- `/var/run/docker.sock` - Requires access to the [Docker Remote API](https://docs.docker.com/engine/reference/api/docker_remote_api/) to collect information such as docker stats, tops, events, and inspect.
-
-Overriding the SPLUNK_USER envrionment variable to an authorized user (such as "root") gives you the required access to the mount points that the Docker app needs to analyze the collected Docker information.
-
-## Troubleshoot upgrade problems with docker-compose
-
-If you use `docker-compose` (or reference an existing volume with `docker run`) to configure and run your Docker image and the Splunk Enterprise Docker container detects an upgrade after you make a change to `docker-compose.yml`, complete the following procedure to make the image ignore the upgrade prompt:
-
-0. Open `docker-compose.yml` for editing.
-0. In the `Environment:` section for the Splunk Enterprise image, add the following line:
-
- ```
- SPLUNK_START_ARGS: --accept-license --answer-yes
- ```
-0. Save `docker-compose.yml` and close it.
-0. Run `docker-compose up` again.
-
-## If you still need help
-
-If you still have trouble collecting or analyzing data with the Splunk Enterprise Docker image, use one of the following options:
-
-* Post a question to [Splunk Answers](http://answers.splunk.com)
-* Join the [Splunk Slack channel](http://splunk-usergroups.slack.com)
-* Visit the #splunk channel on [EFNet Internet Relay Chat](http://www.efnet.org)
-* Send an email to [docker-maint@splunk.com](mailto:docker-maint@splunk.com)
+ opt-splunk-etc:
+ opt-splunk-var:
+
+ services:
+ splunkenterprise:
+
+ hostname: splunkenterprise
+ image: splunk/splunk:7.1.2
+ environment:
+ SPLUNK_START_ARGS: --accept-license --seed-passwd
+ SPLUNK_ENABLE_LISTEN: 9997
+ SPLUNK_ADD: tcp 1514
+ volumes:
+ - opt-splunk-etc:/opt/splunk/etc
+ - opt-splunk-var:/opt/splunk/var
+ ports:
+ - "8000:8000"
+ - "9997:9997"
+ - "8088:8088"
+ - "1514:1514"
+ ```
+ 4. Save the file and close it.
+ 5. Run the `docker-compose` utility in the same directory.
+
+ ```
+ docker-compose up
+ ```
+
+ ## Configuration
+
+ ### Image Variants
+
+ The `splunk/splunk` image comes in several variants:
+
+ `splunk/splunk:7.1.2`
+ This is the default Splunk Enterprise image.
+
+ `splunk/splunk:6.5.3-monitor`
+ This image comes with some data inputs activated (e.g., file monitor of docker host JSON logs, HTTP Event Collector, Syslog, etc.). It also includes the Docker app which has dashboards to help you analyze collected logs and docker information such as stats, events, tops, and inspect from your running images.
+
+ ### Data Store
+
+ This Docker image has two data volumes:
+
+ * `/opt/splunk/etc` - stores Splunk configurations, including applications and lookups
+ * `/opt/splunk/var` - stores indexed data, logs and internal Splunk data
+
+ ### User
+
+ All Splunk processes by default runs as the `splunk` user. The user can be changed by setting the SPLUNK_USER env variable.
+
+ ### Ports
+
+ This Docker container exposes the following network ports:
+
+ * `8000/tcp` - Splunk Web interface
+ * `8088/tcp` - HTTP Event Collector
+ * `8088/tcp` - Splunk Services
+ * `8191/tcp` - Application Key Value Store
+ * `9997/tcp` - Splunk receiving Port (not used by default) typically used by the Splunk Universal Forwarder
+ * `1514/tcp` - Network Input (not used by default) typically used to collect syslog TCP data
+
+ This Docker image uses port 1514 instead of the standard port 514 for the syslog port because network ports below 1024 require root access. See [Run Splunk Enterprise as a different or non-root user](http://docs.splunk.com/Documentation/Splunk/latest/Installation/RunSplunkasadifferentornon-rootuser).
+
+ ### Hostname
+
+ When you use this Docker image, set a `hostname` for it. If you recreate the instance later, the image retains the hostname.
+
+ ### Basic configuration with Environment Variables
+
+ You can use environment variables for basic configuration of the indexer and forwarder. For more advanced configuration, create configuration files within the container or use a Splunk deployment server to deliver configurations to the instance.
+
+ - `SPLUNK_ENABLE_DEPLOY_SERVER='true'` - Enables deployment server on Indexer.
+ - `SPLUNK_DEPLOYMENT_SERVER=':` - [configure deployment client](http://docs.splunk.com/Documentation/Splunk/latest/Updating/Configuredeploymentclients).
+ Set deployment server url.
+ - Example: `--env SPLUNK_DEPLOYMENT_SERVER='splunkdeploymentserver:8089'`.
+ - `SPLUNK_ENABLE_LISTEN=` - enable [receiving](http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Enableareceiver).
+ - Additional configuration is available using `SPLUNK_ENABLE_LISTEN_ARGS`
+ environment variable.
+ - `SPLUNK_FORWARD_SERVER=:` - [forward](http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Deployanixdfmanually)
+ data to indexer.
+ - Additional configuration is available using `SPLUNK_FORWARD_SERVER_ARGS`
+ environment variable.
+ - Additional forwarders can be set up using `SPLUNK_FORWARD_SERVER_<1..30>`
+ and `SPLUNK_FORWARD_SERVER_<1..30>_ARGS`.
+ - Example: `--env SPLUNK_FORWARD_SERVER='splunkindexer:9997' --env
+ SPLUNK_FORWARD_SERVER_ARGS='method clone' --env
+ SPLUNK_FORWARD_SERVER_1='splunkindexer2:9997' --env
+ SPLUNK_FORWARD_SERVER_1_ARGS='-method clone'`.
+ - `SPLUNK_ADD=' '` - execute add command,
+ for example to [monitor files](http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesanddirectoriesusingtheCLI)
+ or [listen](http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports) on specific ports.
+ - Additional add commands can be executed (up to 30) using
+ `SPLUNK_ADD_<1..30>`.
+ - Example `--env SPLUNK_ADD='udp 1514' --env SPLUNK_ADD_1='monitor /var/log/*'`.
+ - `SPLUNK_CMD='any splunk command'` - execute any splunk command.
+ - Additional commands can be executed (up to 30) using
+ `SPLUNK_CMD_<1..30>`.
+ - Example `--env SPLUNK_CMD='edit user admin -password random_password -role
+ admin -auth admin:changeme'`.
+
+ #### Example
+
+ Following is an example of how to configure Splunk Enterprise and the Splunk universal forwarder in Docker.
+
+ ```
+ > echo "Creating docker network, so all containers will see each other"
+ > docker network create splunk
+ > echo "Starting deployment server for forwarders"
+ > docker run -d --net splunk \
+ --hostname splunkdeploymentserver \
+ --name splunkdeploymentserver \
+ --publish 8000 \
+ --env SPLUNK_ENABLE_DEPLOY_SERVER=true \
+ splunk/splunk
+ > echo "Starting Splunk Enterprise"
+ > docker run -d --net splunk \
+ --hostname splunkenterprise \
+ --name splunkenterprise \
+ --publish 8000 \
+ --env SPLUNK_ENABLE_LISTEN=9997 \
+ splunk/splunk
+ > echo "Starting forwarder, which forwards data to Splunk"
+ > docker run -d --net splunk \
+ --name forwarder \
+ --hostname forwarder \
+ --env SPLUNK_FORWARD_SERVER='splunkenterprise:9997' \
+ --env SPLUNK_FORWARD_SERVER_ARGS='-method clone' \
+ --env SPLUNK_ADD='udp 1514' \
+ --env SPLUNK_DEPLOYMENT_SERVER='splunkdeploymentserver:8089' \
+ splunk/universalforwarder
+ ```
+
+ After this script executes, you can forward syslog data to the *udp*
+ port of container *forwarder* (for internal containers only, as Splunk
+ does not publish the port). Data should arrive in Splunk Enterprise and
+ you should see the forwarder registered with the deployment server.
+
+ # Troubleshoot problems with the image
+
+ ## Basic troubleshooting
+
+ If you do not see data when you load the Docker Overview app in the Docker app, confirm that:
+
+ * You have started the container with the right environment variables. In particular, you must have the proper access control to the mount points to read the default JSON log files that the docker host collects. See [Required Permissions](#required-permissions) for more detail.
+ * You have included the necessary volumes for the Docker image.
+ * Your Docker container has the correct filesystem permissions.
+
+ ### Required Permisssions
+ The following mount points require special permissions:
+ - `/var/lib/docker/containers`: By default, the Docker host only exposes read access to the root user. Read access to the volume could be changed for any users that start the Splunk process.
+ - `/var/run/docker.sock` - Requires access to the [Docker Remote API](https://docs.docker.com/engine/reference/api/docker_remote_api/) to collect information such as docker stats, tops, events, and inspect.
+
+ Overriding the SPLUNK_USER envrionment variable to an authorized user (such as "root") gives you the required access to the mount points that the Docker app needs to analyze the collected Docker information.
+
+ ## Troubleshoot upgrade problems with docker-compose
+
+ If you use `docker-compose` (or reference an existing volume with `docker run`) to configure and run your Docker image and the Splunk Enterprise Docker container detects an upgrade after you make a change to `docker-compose.yml`, complete the following procedure to make the image ignore the upgrade prompt:
+
+ 0. Open `docker-compose.yml` for editing.
+ 0. In the `Environment:` section for the Splunk Enterprise image, add the following line:
+
+ ```
+ SPLUNK_START_ARGS: --accept-license --seed-passwd
+ ```
+ 0. Save `docker-compose.yml` and close it.
+ 0. Run `docker-compose up` again.
+
+ ## If you still need help
+
+ If you still have trouble collecting or analyzing data with the Splunk Enterprise Docker image, use one of the following options:
+
+ * Post a question to [Splunk Answers](http://answers.splunk.com)
+ * Join the [Splunk Slack channel](http://splunk-usergroups.slack.com)
+ * Visit the #splunk channel on [EFNet Internet Relay Chat](http://www.efnet.org)
+ * Send an email to [docker-maint@splunk.com](mailto:docker-maint@splunk.com)
diff --git a/enterprise/build.sh b/enterprise/build.sh
index aa98bb2..e5db56f 100755
--- a/enterprise/build.sh
+++ b/enterprise/build.sh
@@ -3,7 +3,7 @@ if [ -z $CURRENT ]; then
CURRENT=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
fi
-docker build --no-cache=true -t splunk/splunk:7.0.2 .
-docker tag splunk/splunk:7.0.2 splunk/splunk:latest
-docker tag splunk/splunk:7.0.2 registry.splunk.com/splunk/splunk:latest
-docker tag splunk/splunk:7.0.2 registry.splunk.com/splunk/splunk:7.0.2
+docker build --no-cache=true -t splunk/splunk:7.1.2 .
+docker tag splunk/splunk:7.1.2 splunk/splunk:latest
+docker tag splunk/splunk:7.1.2 registry.splunk.com/splunk/splunk:latest
+docker tag splunk/splunk:7.1.2 registry.splunk.com/splunk/splunk:7.1.2
diff --git a/enterprise/docker-compose.yml b/enterprise/docker-compose.yml
index 6a23b07..0f4b473 100644
--- a/enterprise/docker-compose.yml
+++ b/enterprise/docker-compose.yml
@@ -1,7 +1,7 @@
# must accept EULA the first time that the image is started
-# docker run splunk/enterprise:7.0.2
+# docker run splunk/enterprise:7.1.2
# Options on how to review the EULA and accept it:
-# 1. docker run -it splunk/enterprisetrial:7.0.2
+# 1. docker run -it splunk/enterprisetrial:7.1.2
# 2. Add the following environment variable: SPLUNK_START_ARGS=--accept-license
# e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/enterprisetrial
@@ -16,7 +16,7 @@ services:
splunkenterprise:
#build: .
hostname: splunkenterprise
- image: splunk/splunk:7.0.2
+ image: splunk/splunk:7.1.2
environment:
SPLUNK_START_ARGS: --accept-license
SPLUNK_ENABLE_LISTEN: 9997
diff --git a/enterprise/entrypoint.sh b/enterprise/entrypoint.sh
index 38f7ca1..9fe99e9 100644
--- a/enterprise/entrypoint.sh
+++ b/enterprise/entrypoint.sh
@@ -47,12 +47,12 @@ Splunk Enterprise
end user license agreement
- If you have reviewed and accepted the license, start container
with the environment variable:
- SPLUNK_START_ARGS=--accept-license
+ SPLUNK_START_ARGS=--accept-license --seed-passwd
Usage:
- docker run -it splunk/enterprise:7.0.2
- docker run --env SPLUNK_START_ARGS="--accept-license" splunk/enterprise:7.0.2
+ docker run -it splunk/enterprise:7.1.2
+ docker run --env SPLUNK_START_ARGS="--accept-license --seed-passwd " splunk/enterprise:7.1.2
EOF
exit 1
diff --git a/enterprise/publishImage.sh b/enterprise/publishImage.sh
index 8c01ad2..4aac944 100755
--- a/enterprise/publishImage.sh
+++ b/enterprise/publishImage.sh
@@ -1,7 +1,7 @@
-docker push splunk/splunk:7.0.2
+docker push splunk/splunk:7.1.2
docker push splunk/splunk:latest
-docker push registry.splunk.com/splunk/splunk:7.0.2
+docker push registry.splunk.com/splunk/splunk:7.1.2
docker push registry.splunk.com/splunk/splunk:latest
diff --git a/universalforwarder/Dockerfile b/universalforwarder/Dockerfile
index 2e3deb3..946d62a 100644
--- a/universalforwarder/Dockerfile
+++ b/universalforwarder/Dockerfile
@@ -1,8 +1,8 @@
FROM debian:jessie
ENV SPLUNK_PRODUCT universalforwarder
-ENV SPLUNK_VERSION 7.0.2
-ENV SPLUNK_BUILD 03bbabbd5c0f
+ENV SPLUNK_VERSION 7.1.2
+ENV SPLUNK_BUILD a0c72a66db66
ENV SPLUNK_FILENAME splunkforwarder-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-x86_64.tgz
ENV SPLUNK_HOME /opt/splunk
diff --git a/universalforwarder/README.md b/universalforwarder/README.md
index 6f82feb..cd7eaea 100644
--- a/universalforwarder/README.md
+++ b/universalforwarder/README.md
@@ -1,6 +1,6 @@
# Supported tags
-* `7.0.2`, `latest` - Splunk universal forwarder base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile)
+* `7.1.2`, `latest` - Splunk universal forwarder base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile)
* `6.5.3-monitor` - Splunk universal forwarder with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/universalforwarder/Dockerfile)
# What is the Splunk Universal Forwarder?
@@ -18,7 +18,7 @@ If you have not used Docker before, see the [Getting started tutorial](https://d
0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com).
0. Download and install Docker on your system.
0. Open a shell prompt or Terminal window.
-0. Enter the following command to pull the Splunk Enterprise version 7.0.2 image.
+0. Enter the following command to pull the Splunk Enterprise version 7.1.2 image.
```bash
@@ -28,7 +28,7 @@ If you have not used Docker before, see the [Getting started tutorial](https://d
```bash
docker run --name splunkuniversalforwarder \
- --env SPLUNK_START_ARGS=--accept-license \
+ --env SPLUNK_START_ARGS="--accept-license --seed-passwd " \
--env SPLUNK_FORWARD_SERVER=splunk_ip:9997 \
--env SPLUNK_USER=root \
--volume /var/lib/docker/containers:/host/containers:ro \
@@ -49,14 +49,14 @@ The universal forwarder docker image can collect data from a host and send data
The following commands are examples of how to pull and run the universal forwarder Docker image. They can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X).
### Pull an image from this repository for the universal fowarder with the Docker data collection inputs
-The `7.0.2-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container.
+The `7.1.2-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container.
```bash
-docker pull splunk/universalforwarder:7.0.2-monitor
+docker pull splunk/universalforwarder:7.1.2-monitor
```
### Pull the latest version of the image from this repository
-The `7.0.2` and `latest` versions only have the forwarder and do not have any of the data inputs.
+The `7.1.2` and `latest` versions only have the forwarder and do not have any of the data inputs.
=======
The `6.5.3-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container.
@@ -74,13 +74,13 @@ docker pull splunk/universalforwarder:latest
This command starts a universal forwarder instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine.
```bash
-docker run --name splunk --hostname splunk -d -e "SPLUNK_START_ARGS=--accept-license" splunk/universalforwarder
+docker run --name splunk --hostname splunk -d -e "SPLUNK_START_ARGS=--accept-license --seed-passwd " splunk/universalforwarder
```
### Start a universal forwarder container and mount the necessary container volumes
```bash
docker run --name vsplunk -v /opt/splunk/etc -v /opt/splunk/var busybox
-docker run --hostname splunk --name splunk --volumes-from=vsplunk -d -e "SPLUNK_START_ARGS=--accept-license" splunk/universalforwarder
+docker run --hostname splunk --name splunk --volumes-from=vsplunk -d -e "SPLUNK_START_ARGS=--accept-license --seed-passwd " splunk/universalforwarder
```
### Use entrypoint.sh to execute Splunk commands
@@ -112,8 +112,8 @@ services:
splunkuniversalforwarder:
hostname: splunkuniversalforwarder
- image: splunk/universalforwarder:7.0.2
- environment: SPLUNK_START_ARGS: --accept-license
+ image: splunk/universalforwarder:7.1.2
+ environment: SPLUNK_START_ARGS: --accept-license --seed-passwd
volumes:
- opt-splunk-etc:/opt/splunk/etc
- opt-splunk-var:/opt/splunk/var
@@ -135,7 +135,7 @@ services:
The `splunk/universalforwarder` image comes in the following variants:
-`splunk/universalforwarder:7.0.2` and `splunk/universalforwarder:latest`
+`splunk/universalforwarder:7.1.2` and `splunk/universalforwarder:latest`
This is the default universal forwarder image.
`splunk/universalforwarder:6.5.3-monitor`
@@ -259,7 +259,7 @@ If you use `docker-compose` (or reference an existing volume with `docker run`)
0. In the `Environment:` section for the universal forwarder image, add the following line:
```
- SPLUNK_START_ARGS: --accept-license --answer-yes
+ SPLUNK_START_ARGS: --accept-license --seed-passwd --answer-yes
```
0. Save `docker-compose.yml` and close it.
0. Run `docker-compose up` again.
diff --git a/universalforwarder/build.sh b/universalforwarder/build.sh
index ef639b9..823b12a 100755
--- a/universalforwarder/build.sh
+++ b/universalforwarder/build.sh
@@ -4,9 +4,9 @@ if [ -z $CURRENT ]; then
fi
-docker build --no-cache=true -t splunk/universalforwarder:7.0.2 $CURRENT
-docker tag splunk/universalforwarder:7.0.2 splunk/universalforwarder:latest
-docker tag splunk/universalforwarder:7.0.2 registry.splunk.com/splunk/universalforwarder:7.0.2
-docker tag splunk/universalforwarder:7.0.2 registry.splunk.com/splunk/universalforwarder:latest
+docker build --no-cache=true -t splunk/universalforwarder:7.1.2 $CURRENT
+docker tag splunk/universalforwarder:7.1.2 splunk/universalforwarder:latest
+docker tag splunk/universalforwarder:7.1.2 registry.splunk.com/splunk/universalforwarder:7.1.2
+docker tag splunk/universalforwarder:7.1.2 registry.splunk.com/splunk/universalforwarder:latest
diff --git a/universalforwarder/docker-compose.yml b/universalforwarder/docker-compose.yml
index 54ad456..91b47fd 100644
--- a/universalforwarder/docker-compose.yml
+++ b/universalforwarder/docker-compose.yml
@@ -1,10 +1,10 @@
# must accept EULA the first time that the image is started
-# docker run splunk/universalforwarder:7.0.2
+# docker run splunk/universalforwarder:7.1.2
# Options on how to review the EULA and accept it:
-# 1. docker run -it splunk/universalforwarder:7.0.2
+# 1. docker run -it splunk/universalforwarder:7.1.2
# 2. Add the following environment variable: SPLUNK_START_ARGS=--accept-license
-# e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/splunkuniversalforwarder:7.0.2
+# e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/splunkuniversalforwarder:7.1.2
# Support for Docker Compose v3, https://docs.docker.com/compose/overview/
version: '3'
@@ -17,7 +17,7 @@ services:
splunkuniversalforwarder:
# build: .
hostname: splunkuniversalforwarder
- image: splunk/universalforwarder:7.0.2
+ image: splunk/universalforwarder:7.1.2
# environment:
# SPLUNK_START_ARGS: --accept-license
volumes:
diff --git a/universalforwarder/entrypoint.sh b/universalforwarder/entrypoint.sh
index 30fd7c8..0950155 100644
--- a/universalforwarder/entrypoint.sh
+++ b/universalforwarder/entrypoint.sh
@@ -47,12 +47,12 @@ Splunk Forwarder
end user license agreement
- If you have reviewed and accepted the license, start container
with the environment variable:
- SPLUNK_START_ARGS=--accept-license
+ SPLUNK_START_ARGS=--accept-license --seed-passwd
Usage:
- docker run -it splunk/universalforwarder:7.0.2
- docker run --env SPLUNK_START_ARGS="--accept-license" outcoldman/splunk:latest-forwarder
+ docker run -it splunk/universalforwarder:7.1.2
+ docker run --env SPLUNK_START_ARGS="--accept-license --seed-passwd " splunk/universalforwarder:7.1.2
EOF
exit 1
diff --git a/universalforwarder/publishImage.sh b/universalforwarder/publishImage.sh
index 14768ce..1b24fca 100755
--- a/universalforwarder/publishImage.sh
+++ b/universalforwarder/publishImage.sh
@@ -1,5 +1,5 @@
#https://docs.docker.com/mac/step_six/
-docker push splunk/universalforwarder:7.0.2
+docker push splunk/universalforwarder:7.1.2
docker push splunk/universalforwarder:latest
docker push registry.splunk.com/splunk/universalforwarder:latest
-docker push registry.splunk.com/splunk/universalforwarder:7.0.2
+docker push registry.splunk.com/splunk/universalforwarder:7.1.2