README.md

File metadata and controls

64 lines (50 loc) · 1.79 KB

Purpose

This script aims to make it easy to build a local Splunk instance and import logs into it for testing purposes.

Set up

  1. Get the script from this repo:
     git clone https://github.com/Neyrian/build_splunk_test.git
  2. Ensure that you have docker installed; otherwise run:
     sudo apt install docker.io
  3. Change the variable $workind_dir in the script to your working directory.
  4. Download the following splunk apps into your $workind_dir:
  5. (Optional) On a Windows machine, export the Security, Application and System event logs as XML and put them in the folder $workind_dir/Windows as xmlwineventlogSecurity.xml, xmlwineventlogApplication.xml and xmlwineventlogSystem.xml.
  6. Then run the checks command:
     ./splunk.sh checks

Usage

You can display the "help" menu by running the script without any arguments. For your first run, execute the following commands in order:

./splunk.sh checks
./splunk.sh create
./splunk.sh createIndexes
./splunk.sh importLogs
./splunk.sh apps

Your Splunk instance should then be available on http://localhost:8000/ with the default credentials admin:Admin#123.

Using WSL2

If you are using WSL, you may encounter issues accessing the Splunk instance from Windows. This is most likely a port forwarding problem, which you can fix with the following PowerShell command (run as Administrator):

netsh interface portproxy add v4tov4 listenport=<Win_port> listenaddress=0.0.0.0 connectport=<WSL2_port> connectaddress=<WSL2_IP>

Obtain <WSL2_IP> from

wsl hostname -I

To see existing port-forwardings:

netsh interface portproxy show all

To delete a particular port-forwarding:

netsh interface portproxy delete v4tov4 listenport=<port> listenaddress=<IP>
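The WSL2 steps above, collected into one script as an added example (not part of the build_splunk_test repo): it reads the WSL2 address, replaces any stale rule for the listen port, and checks that the Splunk web port answers. The port numbers and the firewall rule name are assumptions.

```powershell
# Added example, not from the repo. Assumes Splunk web listens on 8000 inside WSL2
# and that the script runs in an elevated PowerShell session.
$WinPort = 8000   # port exposed on the Windows side
$WslPort = 8000   # Splunk web port inside WSL2

# `wsl hostname -I` prints the WSL2 addresses; the first one is the eth0 address
$wslIp = (wsl hostname -I | Out-String).Trim().Split(' ')[0]
if (-not $wslIp) { throw "Could not obtain the WSL2 IP address" }

# The WSL2 address changes on every restart, so drop an existing rule for this
# listen port before adding the current one.
$existing = netsh interface portproxy show v4tov4 |
    Select-String "^\s*0\.0\.0\.0\s+$WinPort\s"
if ($existing) {
    netsh interface portproxy delete v4tov4 listenport=$WinPort listenaddress=0.0.0.0 | Out-Null
}
netsh interface portproxy add v4tov4 listenport=$WinPort listenaddress=0.0.0.0 `
    connectport=$WslPort connectaddress=$wslIp

# listenaddress=0.0.0.0 also accepts connections from other hosts on the network;
# use listenaddress=127.0.0.1 above if the test instance only needs to be reached locally.
# Open the Windows firewall only when remote access is actually wanted.
$ruleName = "Splunk WSL2 test instance"   # assumed name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $WinPort -Action Allow | Out-Null
}

# Confirm the forwarded port answers before opening http://localhost:8000/
$probe = Test-NetConnection -ComputerName localhost -Port $WinPort
if ($probe.TcpTestSucceeded) {
    Write-Host "Port $WinPort is forwarded to $wslIp`:$WslPort"
} else {
    Write-Warning "Port $WinPort is not reachable; is the Splunk container running?"
}
```

Re-run the script after each WSL restart, since the rule still points at the previous WSL2 address until it is replaced.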