community-scripts/ProxmoxVED
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Splunk Helper Script

Browse Source
This commit is contained in:
Robert Castley 2025-11-06 10:48:33 +00:00
parent c78b7b1f34
commit 0270627a13
3 changed files with 192 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
ct/splunk-enterprise.sh Normal file
View File

@ -0,0 +1,43 @@
#!/usr/bin/env bash
#source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
source <(curl -s https://raw.githubusercontent.com/rcastley/ProxmoxVED/refs/heads/splunk-enterprise/misc/build.func)
# Copyright (c) 2021-2025 tteck
# Author: rcastley
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://www.splunk.com/en_us/download.html
# bash -c "$(curl -fsSL https://raw.githubusercontent.com/rcastley/ProxmoxVED/refs/heads/splunk-enterprise/ct/splunk-enterprise.sh)"
APP="Splunk-Enterprise"
var_tags="${var_tags:-monitoring}"
var_cpu="${var_cpu:-2}"
var_ram="${var_ram:-4096}"
var_disk="${var_disk:-20}"
var_os="${var_os:-ubuntu}"
var_version="${var_version:-22.04}"
var_unprivileged="${var_unprivileged:-1}"
header_info "$APP"
variables
color
catch_errors
function update_script() {
header_info
check_container_storage
check_container_resources
if [[ ! -d /opt/splunk ]]; then
msg_error "No ${APP} Installation Found!"
exit
fi
msg_error "Currently we don't provide an update function for this ${APP}."
exit
}
start
build_container
description
msg_ok "Completed Successfully!\n"
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
echo -e "${INFO}${YW}Access the Splunk Enterprise Web interface using the following URL:${CL}"
echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8000${CL}"

40
frontend/public/json/splunk-enterprise.json Normal file
View File

@ -0,0 +1,40 @@
{
"name": "Splunk Enterprise",
"slug": "splunk-enterprise",
"categories": [
9
],
"date_created": "2025-11-06",
"type": "ct",
"updateable": false,
"privileged": false,
"interface_port": 8000,
"documentation": "https://help.splunk.com",
"config_path": "",
"website": "https://www.splunk.com/en_us/download/splunk-enterprise.html",
"logo": "https://www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/logo-splunk-corp-rgb-k-web.svg",
"description": "Index 500 MB/Day. After 60 days you can convert to a perpetual free license or purchase a Splunk Enterprise license to continue using the expanded functionality designed for enterprise-scale deployments.",
"install_methods": [
{
"type": "default",
"script": "ct/splunk-enterprise.sh",
"resources": {
"cpu": 2,
"ram": 4096,
"hdd": 20,
"os": "Ubuntu",
"version": "22.04"
}
}
],
"default_credentials": {
"username": null,
"password": null
},
"notes": [
{
"text": "The credentials to login can be found in application.creds.",
"type": "info"
}
]
}

109
install/splunk-enterprise-install.sh Normal file
View File

@ -0,0 +1,109 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2025 tteck
# Author: rcastley
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://www.splunk.com/en_us/download.html
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
# Prompt user to accept Splunk General Terms
echo -e "${TAB3}┌─────────────────────────────────────────────────────────────────────────┐"
echo -e "${TAB3}│ SPLUNK GENERAL TERMS │"
echo -e "${TAB3}└─────────────────────────────────────────────────────────────────────────┘"
echo ""
echo -e "${TAB3}Before proceeding with the Splunk Enterprise installation, you must"
echo -e "${TAB3}review and accept the Splunk General Terms."
echo ""
echo -e "${TAB3}Please review the terms at:"
echo -e "${TAB3}${GATEWAY}${BGN}https://www.splunk.com/en_us/legal/splunk-general-terms.html${CL}"
echo ""
while true; do
echo -e "${TAB3}Do you accept the Splunk General Terms? (y/N): \c"
read -r response
case $response in
[Yy]|[Yy][Ee][Ss])
msg_ok "Terms accepted. Proceeding with installation..."
break
;;
[Nn]|[Nn][Oo]|"")
msg_error "Terms not accepted. Installation cannot proceed."
msg_error "Please review the terms and run the script again if you wish to proceed."
exit 1
;;
*)
msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
;;
esac
done
URL="https://www.splunk.com/en_us/download/splunk-enterprise.html"
DEB_URL=$(curl -s "$URL" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "\.deb$")
VERSION=$(echo "$DEB_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|')
DEB_FILE="splunk-enterprise.deb"
msg_info "Installing Dependencies"
$STD apt-get install -y curl
msg_ok "Installed Dependencies"
msg_info "Downloading Splunk Enterprise"
$STD curl -fsSL -o "$DEB_FILE" "$DEB_URL" || {
msg_error "Failed to download Splunk Enterprise from the provided link."
exit 1
}
msg_ok "Downloaded Splunk Enterprise v${VERSION}"
msg_info "Installing Splunk Enterprise"
$STD dpkg -i "$DEB_FILE" || {
msg_error "Failed to install Splunk Enterprise. Please check the .deb file."
exit 1
}
msg_ok "Installed Splunk Enterprise v${VERSION}"
msg_info "Creating Splunk admin user"
# Define the target directory and file based on version
SPLUNK_HOME="/opt/splunk"
TARGET_DIR="${SPLUNK_HOME}/etc/system/local"
TARGET_FILE="${TARGET_DIR}/user-seed.conf"
ADMIN_USER="admin"
ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
{
echo "Application-Credentials"
echo "Username: $ADMIN_USER"
echo "Password: $ADMIN_PASS"
} >> ~/application.creds
cat > "$TARGET_FILE" << EOF
[user_info]
USERNAME = $ADMIN_USER
PASSWORD = $ADMIN_PASS
EOF
msg_ok "Created Splunk admin user"
msg_info "Starting Splunk Enterprise"
$STD ${SPLUNK_HOME}/bin/splunk start --accept-license --answer-yes --no-prompt
$STD ${SPLUNK_HOME}/bin/splunk enable boot-start
msg_ok "Splunk Enterprise started"
motd_ssh
customize
msg_info "Cleaning up"
$STD rm -f "$DEB_FILE"
$STD apt-get -y autoremove
$STD apt-get -y autoclean
msg_ok "Cleaned"