From 0270627a135529bf3324e98868518489c10a7104 Mon Sep 17 00:00:00 2001
From: Robert Castley
Date: Thu, 6 Nov 2025 10:48:33 +0000
Subject: [PATCH] Splunk Helper Script

---
 ct/splunk-enterprise.sh | 43 ++++++++
 frontend/public/json/splunk-enterprise.json | 40 +++++++
 install/splunk-enterprise-install.sh | 109 ++++++++++++++++++++
 3 files changed, 192 insertions(+)
 create mode 100644 ct/splunk-enterprise.sh
 create mode 100644 frontend/public/json/splunk-enterprise.json
 create mode 100644 install/splunk-enterprise-install.sh

diff --git a/ct/splunk-enterprise.sh b/ct/splunk-enterprise.sh
new file mode 100644
index 000000000..9c263ea7a
--- /dev/null
+++ b/ct/splunk-enterprise.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+#source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+source <(curl -s https://raw.githubusercontent.com/rcastley/ProxmoxVED/refs/heads/splunk-enterprise/misc/build.func)
+# Copyright (c) 2021-2025 tteck
+# Author: rcastley
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.splunk.com/en_us/download.html
+
+# bash -c "$(curl -fsSL https://raw.githubusercontent.com/rcastley/ProxmoxVED/refs/heads/splunk-enterprise/ct/splunk-enterprise.sh)"
+APP="Splunk-Enterprise"
+var_tags="${var_tags:-monitoring}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-4096}"
+var_disk="${var_disk:-20}"
+var_os="${var_os:-ubuntu}"
+var_version="${var_version:-22.04}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+ header_info
+ check_container_storage
+ check_container_resources
+ if [[ ! -d /opt/splunk ]]; then
+ msg_error "No ${APP} Installation Found!"
+ exit
+ fi
+ msg_error "Currently we don't provide an update function for this ${APP}."
+ exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW}Access the Splunk Enterprise Web interface using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8000${CL}"
diff --git a/frontend/public/json/splunk-enterprise.json b/frontend/public/json/splunk-enterprise.json
new file mode 100644
index 000000000..dbc074040
--- /dev/null
+++ b/frontend/public/json/splunk-enterprise.json
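Review bot: The `source <(curl -s …)` line pulls `build.func` from a personal fork branch (`rcastley/ProxmoxVED/refs/heads/splunk-enterprise`) rather than the project's `main`, and it drops the `-f` flag, so an HTTP error body would be sourced into the shell silently; before merging, restore `source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)` and delete the commented-out line above it. The `# bash -c "$(curl …)"` usage comment points at the same fork URL and should reference the project's path as well. In `update_script`, the bare `exit` after `msg_error "No ${APP} Installation Found!"` returns status 0 on a failure path; `exit 1` there (and in the "no update function" branch) would let callers tell it apart from success, matching the `exit 1` style used in the install script's error branches.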
@@ -0,0 +1,40 @@
+{
+ "name": "Splunk Enterprise",
+ "slug": "splunk-enterprise",
+ "categories": [
+ 9
+ ],
+ "date_created": "2025-11-06",
+ "type": "ct",
+ "updateable": false,
+ "privileged": false,
+ "interface_port": 8000,
+ "documentation": "https://help.splunk.com",
+ "config_path": "",
+ "website": "https://www.splunk.com/en_us/download/splunk-enterprise.html",
+ "logo": "https://www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/logo-splunk-corp-rgb-k-web.svg",
+ "description": "Index 500 MB/Day. After 60 days you can convert to a perpetual free license or purchase a Splunk Enterprise license to continue using the expanded functionality designed for enterprise-scale deployments.",
+ "install_methods": [
+ {
+ "type": "default",
+ "script": "ct/splunk-enterprise.sh",
+ "resources": {
+ "cpu": 2,
+ "ram": 4096,
+ "hdd": 20,
+ "os": "Ubuntu",
+ "version": "22.04"
+ }
+ }
+ ],
+ "default_credentials": {
+ "username": null,
+ "password": null
+ },
+ "notes": [
+ {
+ "text": "The credentials to login can be found in application.creds.",
+ "type": "info"
+ }
+ ]
+}
diff --git a/install/splunk-enterprise-install.sh b/install/splunk-enterprise-install.sh
new file mode 100644
index 000000000..b3add36be
--- /dev/null
+++ b/install/splunk-enterprise-install.sh
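Review bot: `"config_path"` is left as an empty string although the install script seeds the admin account through `/opt/splunk/etc/system/local/user-seed.conf`; if the catalogue convention is to point at the application's configuration location, `"config_path": "/opt/splunk/etc/system/local"` would be more useful than an empty value. The `notes` text says the credentials are in `application.creds`, but the installer writes them to `~/application.creds` in the home directory of whichever user runs the install (presumably root), so spelling out that location in the note would save users a search.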
@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 tteck
+# Author: rcastley
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.splunk.com/en_us/download.html
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+# Prompt user to accept Splunk General Terms
+echo -e "${TAB3}┌─────────────────────────────────────────────────────────────────────────┐"
+echo -e "${TAB3}│ SPLUNK GENERAL TERMS │"
+echo -e "${TAB3}└─────────────────────────────────────────────────────────────────────────┘"
+echo ""
+echo -e "${TAB3}Before proceeding with the Splunk Enterprise installation, you must"
+echo -e "${TAB3}review and accept the Splunk General Terms."
+echo ""
+echo -e "${TAB3}Please review the terms at:"
+echo -e "${TAB3}${GATEWAY}${BGN}https://www.splunk.com/en_us/legal/splunk-general-terms.html${CL}"
+echo ""
+
+while true; do
+ echo -e "${TAB3}Do you accept the Splunk General Terms? (y/N): \c"
+ read -r response
+ case $response in
+ [Yy]|[Yy][Ee][Ss])
+ msg_ok "Terms accepted. Proceeding with installation..."
+ break
+ ;;
+ [Nn]|[Nn][Oo]|"")
+ msg_error "Terms not accepted. Installation cannot proceed."
+ msg_error "Please review the terms and run the script again if you wish to proceed."
+ exit 1
+ ;;
+ *)
+ msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
+ ;;
+ esac
+done
+
+URL="https://www.splunk.com/en_us/download/splunk-enterprise.html"
+DEB_URL=$(curl -s "$URL" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "\.deb$")
+VERSION=$(echo "$DEB_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|')
+DEB_FILE="splunk-enterprise.deb"
+
+msg_info "Installing Dependencies"
+$STD apt-get install -y curl
+msg_ok "Installed Dependencies"
+
+msg_info "Downloading Splunk Enterprise"
+
+$STD curl -fsSL -o "$DEB_FILE" "$DEB_URL" || {
+ msg_error "Failed to download Splunk Enterprise from the provided link."
+ exit 1
+}
+
+msg_ok "Downloaded Splunk Enterprise v${VERSION}"
+
+msg_info "Installing Splunk Enterprise"
+
+$STD dpkg -i "$DEB_FILE" || {
+ msg_error "Failed to install Splunk Enterprise. Please check the .deb file."
+ exit 1
+}
+
+msg_ok "Installed Splunk Enterprise v${VERSION}"
+
+msg_info "Creating Splunk admin user"
+# Define the target directory and file based on version
+SPLUNK_HOME="/opt/splunk"
+
+TARGET_DIR="${SPLUNK_HOME}/etc/system/local"
+TARGET_FILE="${TARGET_DIR}/user-seed.conf"
+ADMIN_USER="admin"
+ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
+{
+ echo "Application-Credentials"
+ echo "Username: $ADMIN_USER"
+ echo "Password: $ADMIN_PASS"
+} >> ~/application.creds
+
+cat > "$TARGET_FILE" << EOF
+[user_info]
+USERNAME = $ADMIN_USER
+PASSWORD = $ADMIN_PASS
+EOF
+msg_ok "Created Splunk admin user"
+
+msg_info "Starting Splunk Enterprise"
+
+$STD ${SPLUNK_HOME}/bin/splunk start --accept-license --answer-yes --no-prompt
+$STD ${SPLUNK_HOME}/bin/splunk enable boot-start
+
+msg_ok "Splunk Enterprise started"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD rm -f "$DEB_FILE"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
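Review bot: `DEB_URL` is scraped from the vendor download page with `curl -s` (no `-f`) and handed straight to `curl -o` and then `dpkg -i` as root with no emptiness or shape check and no checksum or signature verification, so a changed page layout, an HTTP error body, or a tampered download all end in an unverified package being installed; the scrape should use `-fsSL`, be pinned to one result with `head -n 1` (the final `grep "\.deb$"` can match several builds), and fail early when the result is not a single `https://…deb` URL, and the package should be verified against a checksum Splunk publishes before `dpkg -i`. The `apt-get install -y curl` step runs after the first `curl` call that computes `DEB_URL`, so it should move above the `URL=` line. `ADMIN_PASS` is appended in plaintext to `~/application.creds` with default file permissions; add `chmod 600 ~/application.creds` after the `} >>` block (the same password also lands in `user-seed.conf`; I believe Splunk consumes and removes that file on first start, but confirm it rather than rely on it). `TARGET_DIR` is assumed to exist before `cat > "$TARGET_FILE"`; a `mkdir -p "$TARGET_DIR"` just before the heredoc makes that explicit.
```bash
msg_info "Installing Dependencies"
$STD apt-get install -y curl
msg_ok "Installed Dependencies"

URL="https://www.splunk.com/en_us/download/splunk-enterprise.html"
DEB_URL=$(curl -fsSL "$URL" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "\.deb$" | head -n 1)
[[ -n "$DEB_URL" && "$DEB_URL" == https://*.deb ]] || {
  msg_error "Could not determine the Splunk Enterprise .deb download URL."
  exit 1
}
VERSION=$(echo "$DEB_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|')
DEB_FILE="splunk-enterprise.deb"
# … unchanged: download of "$DEB_FILE" …
# TODO(review): verify "$DEB_FILE" against the checksum Splunk publishes for this release before dpkg -i
# … unchanged: dpkg -i, SPLUNK_HOME/TARGET_* definitions, ADMIN_PASS generation …
{
  echo "Application-Credentials"
  echo "Username: $ADMIN_USER"
  echo "Password: $ADMIN_PASS"
} >> ~/application.creds
chmod 600 ~/application.creds

mkdir -p "$TARGET_DIR"
# … unchanged: user-seed.conf heredoc, splunk start, cleanup …
```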