From 0270627a135529bf3324e98868518489c10a7104 Mon Sep 17 00:00:00 2001
From: Robert Castley
Date: Thu, 6 Nov 2025 10:48:33 +0000
Subject: [PATCH 01/13] Splunk Helper Script
---
ct/splunk-enterprise.sh | 43 ++++++++
frontend/public/json/splunk-enterprise.json | 40 +++++++
install/splunk-enterprise-install.sh | 109 ++++++++++++++++++++
3 files changed, 192 insertions(+)
create mode 100644 ct/splunk-enterprise.sh
create mode 100644 frontend/public/json/splunk-enterprise.json
create mode 100644 install/splunk-enterprise-install.sh
diff --git a/ct/splunk-enterprise.sh b/ct/splunk-enterprise.sh
new file mode 100644
index 000000000..9c263ea7a
--- /dev/null
+++ b/ct/splunk-enterprise.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+#source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+source <(curl -s https://raw.githubusercontent.com/rcastley/ProxmoxVED/refs/heads/splunk-enterprise/misc/build.func)
+# Copyright (c) 2021-2025 tteck
+# Author: rcastley
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.splunk.com/en_us/download.html
+
+# bash -c "$(curl -fsSL https://raw.githubusercontent.com/rcastley/ProxmoxVED/refs/heads/splunk-enterprise/ct/splunk-enterprise.sh)"
+APP="Splunk-Enterprise"
+var_tags="${var_tags:-monitoring}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-4096}"
+var_disk="${var_disk:-20}"
+var_os="${var_os:-ubuntu}"
+var_version="${var_version:-22.04}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+ header_info
+ check_container_storage
+ check_container_resources
+ if [[ ! -d /opt/splunk ]]; then
+ msg_error "No ${APP} Installation Found!"
+ exit
+ fi
+ msg_error "Currently we don't provide an update function for this ${APP}."
+ exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW}Access the Splunk Enterprise Web interface using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8000${CL}"
diff --git a/frontend/public/json/splunk-enterprise.json b/frontend/public/json/splunk-enterprise.json
new file mode 100644
index 000000000..dbc074040
--- /dev/null
+++ b/frontend/public/json/splunk-enterprise.json
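Review bot: The closing `echo` advertises `http://${IP}:8000`, so the first login with the generated admin password crosses the network unencrypted; nothing in this script or the install script turns on TLS for Splunk Web. Either enable it during install (`enableSplunkWebSSL = true` under `[settings]` in web.conf) and print an `https://` URL, or add a line next to the URL such as `echo -e "${INFO}${YW}Splunk Web is served over plain HTTP by default; enable TLS before exposing it beyond a trusted network.${CL}"`.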
@@ -0,0 +1,40 @@
+{
+ "name": "Splunk Enterprise",
+ "slug": "splunk-enterprise",
+ "categories": [
+ 9
+ ],
+ "date_created": "2025-11-06",
+ "type": "ct",
+ "updateable": false,
+ "privileged": false,
+ "interface_port": 8000,
+ "documentation": "https://help.splunk.com",
+ "config_path": "",
+ "website": "https://www.splunk.com/en_us/download/splunk-enterprise.html",
+ "logo": "https://www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/logo-splunk-corp-rgb-k-web.svg",
+ "description": "Index 500 MB/Day. After 60 days you can convert to a perpetual free license or purchase a Splunk Enterprise license to continue using the expanded functionality designed for enterprise-scale deployments.",
+ "install_methods": [
+ {
+ "type": "default",
+ "script": "ct/splunk-enterprise.sh",
+ "resources": {
+ "cpu": 2,
+ "ram": 4096,
+ "hdd": 20,
+ "os": "Ubuntu",
+ "version": "22.04"
+ }
+ }
+ ],
+ "default_credentials": {
+ "username": null,
+ "password": null
+ },
+ "notes": [
+ {
+ "text": "The credentials to login can be found in application.creds.",
+ "type": "info"
+ }
+ ]
+}
diff --git a/install/splunk-enterprise-install.sh b/install/splunk-enterprise-install.sh
new file mode 100644
index 000000000..b3add36be
--- /dev/null
+++ b/install/splunk-enterprise-install.sh
@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 tteck
+# Author: rcastley
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.splunk.com/en_us/download.html
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+# Prompt user to accept Splunk General Terms
+echo -e "${TAB3}┌─────────────────────────────────────────────────────────────────────────┐"
+echo -e "${TAB3}│ SPLUNK GENERAL TERMS │"
+echo -e "${TAB3}└─────────────────────────────────────────────────────────────────────────┘"
+echo ""
+echo -e "${TAB3}Before proceeding with the Splunk Enterprise installation, you must"
+echo -e "${TAB3}review and accept the Splunk General Terms."
+echo ""
+echo -e "${TAB3}Please review the terms at:"
+echo -e "${TAB3}${GATEWAY}${BGN}https://www.splunk.com/en_us/legal/splunk-general-terms.html${CL}"
+echo ""
+
+while true; do
+ echo -e "${TAB3}Do you accept the Splunk General Terms? (y/N): \c"
+ read -r response
+ case $response in
+ [Yy]|[Yy][Ee][Ss])
+ msg_ok "Terms accepted. Proceeding with installation..."
+ break
+ ;;
+ [Nn]|[Nn][Oo]|"")
+ msg_error "Terms not accepted. Installation cannot proceed."
+ msg_error "Please review the terms and run the script again if you wish to proceed."
+ exit 1
+ ;;
+ *)
+ msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
+ ;;
+ esac
+done
+
+URL="https://www.splunk.com/en_us/download/splunk-enterprise.html"
+DEB_URL=$(curl -s "$URL" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "\.deb$")
+VERSION=$(echo "$DEB_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|')
+DEB_FILE="splunk-enterprise.deb"
+
+msg_info "Installing Dependencies"
+$STD apt-get install -y curl
+msg_ok "Installed Dependencies"
+
+msg_info "Downloading Splunk Enterprise"
+
+$STD curl -fsSL -o "$DEB_FILE" "$DEB_URL" || {
+ msg_error "Failed to download Splunk Enterprise from the provided link."
+ exit 1
+}
+
+msg_ok "Downloaded Splunk Enterprise v${VERSION}"
+
+msg_info "Installing Splunk Enterprise"
+
+$STD dpkg -i "$DEB_FILE" || {
+ msg_error "Failed to install Splunk Enterprise. Please check the .deb file."
+ exit 1
+}
+
+msg_ok "Installed Splunk Enterprise v${VERSION}"
+
+msg_info "Creating Splunk admin user"
+# Define the target directory and file based on version
+SPLUNK_HOME="/opt/splunk"
+
+TARGET_DIR="${SPLUNK_HOME}/etc/system/local"
+TARGET_FILE="${TARGET_DIR}/user-seed.conf"
+ADMIN_USER="admin"
+ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
+{
+ echo "Application-Credentials"
+ echo "Username: $ADMIN_USER"
+ echo "Password: $ADMIN_PASS"
+} >> ~/application.creds
+
+cat > "$TARGET_FILE" << EOF
+[user_info]
+USERNAME = $ADMIN_USER
+PASSWORD = $ADMIN_PASS
+EOF
+msg_ok "Created Splunk admin user"
+
+msg_info "Starting Splunk Enterprise"
+
+$STD ${SPLUNK_HOME}/bin/splunk start --accept-license --answer-yes --no-prompt
+$STD ${SPLUNK_HOME}/bin/splunk enable boot-start
+
+msg_ok "Splunk Enterprise started"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD rm -f "$DEB_FILE"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
From 06d228512c4f9a8da4fb85e48d27d430c7ff8433 Mon Sep 17 00:00:00 2001
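Review bot: The package handed to `dpkg -i` is never integrity-checked, and its URL is scraped from the download page without validation: `DEB_URL` is not tested for being non-empty or a single line, and the scrape uses `curl -s` without `-f`. An error page or a markup change therefore yields an empty or multi-line value that only surfaces later as a misleading download failure. Add a guard right after the assignment, e.g. `[[ "$DEB_URL" =~ ^https://[^[:space:]]+\.deb$ ]] || { msg_error "Could not determine the Splunk download URL"; exit 1; }`. If the vendor publishes a checksum for the release, verify the file with `sha512sum -c` before installing it as root. The scrape also runs before the `apt-get install -y curl` step that follows it in this hunk.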
From: Robert Castley Date: Thu, 6 Nov 2025 10:53:22 +0000 Subject: [PATCH 02/13] Fix source and increase resources --- ct/splunk-enterprise.sh | 10 ++++------ frontend/public/json/splunk-enterprise.json | 6 +++--- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/ct/splunk-enterprise.sh b/ct/splunk-enterprise.sh index 9c263ea7a..3d1fbfefe 100644 --- a/ct/splunk-enterprise.sh +++ b/ct/splunk-enterprise.sh @@ -1,17 +1,15 @@ #!/usr/bin/env bash -#source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) -source <(curl -s https://raw.githubusercontent.com/rcastley/ProxmoxVED/refs/heads/splunk-enterprise/misc/build.func) +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func) # Copyright (c) 2021-2025 tteck # Author: rcastley # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE # Source: https://www.splunk.com/en_us/download.html -# bash -c "$(curl -fsSL https://raw.githubusercontent.com/rcastley/ProxmoxVED/refs/heads/splunk-enterprise/ct/splunk-enterprise.sh)" APP="Splunk-Enterprise" var_tags="${var_tags:-monitoring}" -var_cpu="${var_cpu:-2}" -var_ram="${var_ram:-4096}" -var_disk="${var_disk:-20}" +var_cpu="${var_cpu:-4}" +var_ram="${var_ram:-8096}" +var_disk="${var_disk:-40}" var_os="${var_os:-ubuntu}" var_version="${var_version:-22.04}" var_unprivileged="${var_unprivileged:-1}" diff --git a/frontend/public/json/splunk-enterprise.json b/frontend/public/json/splunk-enterprise.json index dbc074040..06ffe39c1 100644 --- a/frontend/public/json/splunk-enterprise.json +++ b/frontend/public/json/splunk-enterprise.json @@ -19,9 +19,9 @@ "type": "default", "script": "ct/splunk-enterprise.sh", "resources": { - "cpu": 2, - "ram": 4096, - "hdd": 20, + "cpu": 4, + "ram": 8096, + "hdd": 40, "os": "Ubuntu", "version": "22.04" } From b73a89502dab4f04bfa77f6f01433011c4080392 Mon Sep 17 00:00:00 2001 
From: Robert Castley Date: Thu, 6 Nov 2025 14:53:22 +0000 Subject: [PATCH 03/13] Updated to use 24.04. Corrected RAM size --- ct/splunk-enterprise.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ct/splunk-enterprise.sh b/ct/splunk-enterprise.sh index 3d1fbfefe..6af96469f 100644 --- a/ct/splunk-enterprise.sh +++ b/ct/splunk-enterprise.sh @@ -8,10 +8,10 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV APP="Splunk-Enterprise" var_tags="${var_tags:-monitoring}" var_cpu="${var_cpu:-4}" -var_ram="${var_ram:-8096}" +var_ram="${var_ram:-8192}" var_disk="${var_disk:-40}" var_os="${var_os:-ubuntu}" -var_version="${var_version:-22.04}" +var_version="${var_version:-24.04}" var_unprivileged="${var_unprivileged:-1}" header_info "$APP" From 140dd10ad41c9d890986476140ba786a702496af Mon Sep 17 00:00:00 2001 From: Robert Castley Date: Thu, 6 Nov 2025 19:01:58 +0000 Subject: [PATCH 04/13] Addressed some of the PR feedback --- frontend/public/json/splunk-enterprise.json | 2 +- install/splunk-enterprise-install.sh | 27 ++++----------------- 2 files changed, 6 insertions(+), 23 deletions(-) diff --git a/frontend/public/json/splunk-enterprise.json b/frontend/public/json/splunk-enterprise.json index 06ffe39c1..654566195 100644 --- a/frontend/public/json/splunk-enterprise.json +++ b/frontend/public/json/splunk-enterprise.json @@ -33,7 +33,7 @@ }, "notes": [ { - "text": "The credentials to login can be found in application.creds.", + "text": "The credentials to login can be found in splunk.creds.", "type": "info" } ] diff --git a/install/splunk-enterprise-install.sh b/install/splunk-enterprise-install.sh index b3add36be..538b9d322 100644 --- a/install/splunk-enterprise-install.sh +++ b/install/splunk-enterprise-install.sh 
@@ -13,7 +13,6 @@ setting_up_container network_check update_os -# Prompt user to accept Splunk General Terms echo -e "${TAB3}┌─────────────────────────────────────────────────────────────────────────┐" echo -e "${TAB3}│ SPLUNK GENERAL TERMS │" echo -e "${TAB3}└─────────────────────────────────────────────────────────────────────────┘" @@ -49,43 +48,28 @@ DEB_URL=$(curl -s "$URL" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | VERSION=$(echo "$DEB_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|') DEB_FILE="splunk-enterprise.deb" -msg_info "Installing Dependencies" -$STD apt-get install -y curl -msg_ok "Installed Dependencies" - msg_info "Downloading Splunk Enterprise" - $STD curl -fsSL -o "$DEB_FILE" "$DEB_URL" || { msg_error "Failed to download Splunk Enterprise from the provided link." exit 1 } - msg_ok "Downloaded Splunk Enterprise v${VERSION}" msg_info "Installing Splunk Enterprise" - -$STD dpkg -i "$DEB_FILE" || { - msg_error "Failed to install Splunk Enterprise. Please check the .deb file." - exit 1 -} - +$STD dpkg -i "$DEB_FILE" msg_ok "Installed Splunk Enterprise v${VERSION}" msg_info "Creating Splunk admin user" -# Define the target directory and file based on version SPLUNK_HOME="/opt/splunk" - -TARGET_DIR="${SPLUNK_HOME}/etc/system/local" -TARGET_FILE="${TARGET_DIR}/user-seed.conf" ADMIN_USER="admin" ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13) { - echo "Application-Credentials" + echo "Splunk-Credentials" echo "Username: $ADMIN_USER" echo "Password: $ADMIN_PASS" -} >> ~/application.creds +} >> ~/splunk.creds -cat > "$TARGET_FILE" << EOF +cat > "${SPLUNK_HOME}/etc/system/local/user-seed.conf" << EOF [user_info] USERNAME = $ADMIN_USER PASSWORD = $ADMIN_PASS @@ -93,10 +77,8 @@ EOF msg_ok "Created Splunk admin user" msg_info "Starting Splunk Enterprise" - $STD ${SPLUNK_HOME}/bin/splunk start --accept-license --answer-yes --no-prompt $STD ${SPLUNK_HOME}/bin/splunk enable boot-start - msg_ok "Splunk Enterprise started" motd_ssh 
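Review bot: Both files that receive `ADMIN_PASS` in clear text are created with whatever umask the process inherits: `~/splunk.creds` through `>>` and `user-seed.conf` through `cat >`, and nothing in the hunk restricts their mode afterwards. Put `umask 077` before the credential block, or follow the two writes with `chmod 600 ~/splunk.creds "${SPLUNK_HOME}/etc/system/local/user-seed.conf"`, so that only the owner can read the admin password. user-seed.conf also accepts `HASHED_PASSWORD` (produced by `splunk hash-passwd`), which would keep the clear-text value out of Splunk's config tree.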
@@ -107,3 +89,4 @@ $STD rm -f "$DEB_FILE" $STD apt-get -y autoremove $STD apt-get -y autoclean msg_ok "Cleaned" +cleanup_lxc From 0fd75ab63a53780f0ad54f0dd9aa95ce4b24a470 Mon Sep 17 00:00:00 2001 From: Robert Castley Date: Thu, 6 Nov 2025 19:27:02 +0000 Subject: [PATCH 05/13] Reduce the number of vars being used and adhere to the RELEASE var only. --- install/splunk-enterprise-install.sh | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/install/splunk-enterprise-install.sh b/install/splunk-enterprise-install.sh index 538b9d322..fd14a19c0 100644 --- a/install/splunk-enterprise-install.sh +++ b/install/splunk-enterprise-install.sh @@ -43,21 +43,19 @@ while true; do esac done -URL="https://www.splunk.com/en_us/download/splunk-enterprise.html" -DEB_URL=$(curl -s "$URL" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "\.deb$") -VERSION=$(echo "$DEB_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|') -DEB_FILE="splunk-enterprise.deb" +DOWNLOAD_URL=$(curl -s "https://www.splunk.com/en_us/download/splunk-enterprise.html" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "\.deb$") +RELEASE=$(echo "$DOWNLOAD_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|') msg_info "Downloading Splunk Enterprise" -$STD curl -fsSL -o "$DEB_FILE" "$DEB_URL" || { +$STD curl -fsSL -o "splunk-enterprise.deb" "$DOWNLOAD_URL" || { msg_error "Failed to download Splunk Enterprise from the provided link." exit 1 } -msg_ok "Downloaded Splunk Enterprise v${VERSION}" +msg_ok "Downloaded Splunk Enterprise v${RELEASE}" msg_info "Installing Splunk Enterprise" -$STD dpkg -i "$DEB_FILE" -msg_ok "Installed Splunk Enterprise v${VERSION}" +$STD dpkg -i "splunk-enterprise.deb" +msg_ok "Installed Splunk Enterprise v${RELEASE}" msg_info "Creating Splunk admin user" SPLUNK_HOME="/opt/splunk" From d4e3ae18381c577c976e4ae8fdc3cd7383d19103 Mon Sep 17 00:00:00 2001 
From: Robert Castley Date: Thu, 6 Nov 2025 19:33:19 +0000 Subject: [PATCH 06/13] Updated description and moved informational text under notes --- frontend/public/json/splunk-enterprise.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/frontend/public/json/splunk-enterprise.json b/frontend/public/json/splunk-enterprise.json index 654566195..d13c25c5b 100644 --- a/frontend/public/json/splunk-enterprise.json +++ b/frontend/public/json/splunk-enterprise.json @@ -13,7 +13,7 @@ "config_path": "", "website": "https://www.splunk.com/en_us/download/splunk-enterprise.html", "logo": "https://www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/logo-splunk-corp-rgb-k-web.svg", - "description": "Index 500 MB/Day. After 60 days you can convert to a perpetual free license or purchase a Splunk Enterprise license to continue using the expanded functionality designed for enterprise-scale deployments.", + "description": "Platform for searching, monitoring, and analyzing machine-generated data at scale for operational intelligence and security.", "install_methods": [ { "type": "default", @@ -35,6 +35,10 @@ { "text": "The credentials to login can be found in splunk.creds.", "type": "info" + }, + { + "text": "Trial license allows indexing 500 MB/Day. After 60 days you can convert to a perpetual free license or purchase a Splunk Enterprise license to continue using the expanded functionality designed for enterprise-scale deployments.", + "type": "info" } ] } From 20c45e6a4348eac3a987db294fee33a44f065daf Mon Sep 17 00:00:00 2001 From: Robert Castley Date: Thu, 6 Nov 2025 19:34:12 +0000 Subject: [PATCH 07/13] Fix RAM requirements and updated Ubuntu version --- frontend/public/json/splunk-enterprise.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/frontend/public/json/splunk-enterprise.json b/frontend/public/json/splunk-enterprise.json index d13c25c5b..d0c4e436b 100644 --- a/frontend/public/json/splunk-enterprise.json 
+++ b/frontend/public/json/splunk-enterprise.json @@ -20,10 +20,10 @@ "script": "ct/splunk-enterprise.sh", "resources": { "cpu": 4, - "ram": 8096, + "ram": 8192, "hdd": 40, "os": "Ubuntu", - "version": "22.04" + "version": "24.04" } } ], From b75aa52bc249b7e9ce32c7436d4f8dba9e84d6fe Mon Sep 17 00:00:00 2001 From: CanbiZ <47820557+MickLesk@users.noreply.github.com> Date: Thu, 6 Nov 2025 20:44:03 +0100 Subject: [PATCH 08/13] Update copyright notice in splunk-enterprise.sh --- ct/splunk-enterprise.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ct/splunk-enterprise.sh b/ct/splunk-enterprise.sh index 6af96469f..5bb7bc14f 100644 --- a/ct/splunk-enterprise.sh +++ b/ct/splunk-enterprise.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func) -# Copyright (c) 2021-2025 tteck +# Copyright (c) 2021-2025 community-scripts ORG # Author: rcastley # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE # Source: https://www.splunk.com/en_us/download.html From 5bb80c71e161e0785e75365d2be3605339ec2c14 Mon Sep 17 00:00:00 2001 From: Robert Castley Date: Thu, 6 Nov 2025 19:44:14 +0000 Subject: [PATCH 09/13] Updated to use Community-Scripts ORG --- install/splunk-enterprise-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/splunk-enterprise-install.sh b/install/splunk-enterprise-install.sh index fd14a19c0..190c24a7a 100644 --- a/install/splunk-enterprise-install.sh +++ b/install/splunk-enterprise-install.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2021-2025 tteck +# Copyright (c) 2021-2025 Community-Scripts ORG # Author: rcastley # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE # Source: https://www.splunk.com/en_us/download.html From ef35b94a57311eb4d6c62aec4765b19a0f5f1301 Mon Sep 17 00:00:00 2001 
From: CanbiZ <47820557+MickLesk@users.noreply.github.com> Date: Thu, 6 Nov 2025 20:47:04 +0100 Subject: [PATCH 10/13] Update copyright and installation messages in script --- install/splunk-enterprise-install.sh | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/install/splunk-enterprise-install.sh b/install/splunk-enterprise-install.sh index 190c24a7a..27885f7fb 100644 --- a/install/splunk-enterprise-install.sh +++ b/install/splunk-enterprise-install.sh @@ -1,6 +1,5 @@ #!/usr/bin/env bash - -# Copyright (c) 2021-2025 Community-Scripts ORG +# Copyright (c) 2021-2025 community-scripts ORG # Author: rcastley # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE # Source: https://www.splunk.com/en_us/download.html @@ -46,16 +45,14 @@ done DOWNLOAD_URL=$(curl -s "https://www.splunk.com/en_us/download/splunk-enterprise.html" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "\.deb$") RELEASE=$(echo "$DOWNLOAD_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|') -msg_info "Downloading Splunk Enterprise" +msg_info "Setup Splunk Enterprise" $STD curl -fsSL -o "splunk-enterprise.deb" "$DOWNLOAD_URL" || { msg_error "Failed to download Splunk Enterprise from the provided link." exit 1 } -msg_ok "Downloaded Splunk Enterprise v${RELEASE}" - -msg_info "Installing Splunk Enterprise" $STD dpkg -i "splunk-enterprise.deb" -msg_ok "Installed Splunk Enterprise v${RELEASE}" +rm -f "$DEB_FILE" +msg_ok "Setup Splunk Enterprise v${RELEASE}" msg_info "Creating Splunk admin user" SPLUNK_HOME="/opt/splunk" @@ -81,10 +78,4 @@ msg_ok "Splunk Enterprise started" motd_ssh customize - -msg_info "Cleaning up" -$STD rm -f "$DEB_FILE" -$STD apt-get -y autoremove -$STD apt-get -y autoclean -msg_ok "Cleaned" cleanup_lxc From ca8264e5c111961d6731a4bdbd6d433f4137a9c1 Mon Sep 17 00:00:00 2001 
From: Robert Castley Date: Thu, 6 Nov 2025 19:51:21 +0000 Subject: [PATCH 11/13] Added note about Splunk Free license --- frontend/public/json/splunk-enterprise.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/frontend/public/json/splunk-enterprise.json b/frontend/public/json/splunk-enterprise.json index d0c4e436b..ee2829b47 100644 --- a/frontend/public/json/splunk-enterprise.json +++ b/frontend/public/json/splunk-enterprise.json @@ -38,6 +38,10 @@ }, { "text": "Trial license allows indexing 500 MB/Day. After 60 days you can convert to a perpetual free license or purchase a Splunk Enterprise license to continue using the expanded functionality designed for enterprise-scale deployments.", + "type": "warning" + }, + { + "text": "About Splunk Free License: https://help.splunk.com/en/splunk-enterprise/administer/admin-manual/10.0/configure-splunk-licenses/about-splunk-free", "type": "info" } ] From 112ef045acc11b17b5e99cfb3de00d4ee70d91ca Mon Sep 17 00:00:00 2001 From: Robert Castley Date: Thu, 6 Nov 2025 21:34:35 +0000 Subject: [PATCH 12/13] Fixed issue with cleaning up downloaded .deb file --- install/splunk-enterprise-install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/install/splunk-enterprise-install.sh b/install/splunk-enterprise-install.sh index 27885f7fb..9b841b9d3 100644 --- a/install/splunk-enterprise-install.sh +++ b/install/splunk-enterprise-install.sh @@ -42,8 +42,10 @@ while true; do esac done +msg_info "Getting Splunk Enterprise download link" DOWNLOAD_URL=$(curl -s "https://www.splunk.com/en_us/download/splunk-enterprise.html" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "\.deb$") RELEASE=$(echo "$DOWNLOAD_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|') +msg_ok "Got Splunk Enterprise v${RELEASE} download link" msg_info "Setup Splunk Enterprise" $STD curl -fsSL -o "splunk-enterprise.deb" "$DOWNLOAD_URL" || { 
@@ -51,7 +53,7 @@ $STD curl -fsSL -o "splunk-enterprise.deb" "$DOWNLOAD_URL" || { exit 1 } $STD dpkg -i "splunk-enterprise.deb" -rm -f "$DEB_FILE" +rm -f "splunk-enterprise.deb" msg_ok "Setup Splunk Enterprise v${RELEASE}" msg_info "Creating Splunk admin user" From 312b4362c3c8acad87b2502cb2c3b2e1e8d716d0 Mon Sep 17 00:00:00 2001 From: CanbiZ <47820557+MickLesk@users.noreply.github.com> Date: Fri, 7 Nov 2025 10:56:50 +0100 Subject: [PATCH 13/13] Refactor Splunk installation script messages and paths --- install/splunk-enterprise-install.sh | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/install/splunk-enterprise-install.sh b/install/splunk-enterprise-install.sh index 9b841b9d3..85387d3a8 100644 --- a/install/splunk-enterprise-install.sh +++ b/install/splunk-enterprise-install.sh @@ -42,12 +42,9 @@ while true; do esac done -msg_info "Getting Splunk Enterprise download link" +msg_info "Setup Splunk Enterprise" DOWNLOAD_URL=$(curl -s "https://www.splunk.com/en_us/download/splunk-enterprise.html" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "\.deb$") RELEASE=$(echo "$DOWNLOAD_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|') -msg_ok "Got Splunk Enterprise v${RELEASE} download link" - -msg_info "Setup Splunk Enterprise" $STD curl -fsSL -o "splunk-enterprise.deb" "$DOWNLOAD_URL" || { msg_error "Failed to download Splunk Enterprise from the provided link." exit 1 @@ -57,7 +54,6 @@ rm -f "splunk-enterprise.deb" msg_ok "Setup Splunk Enterprise v${RELEASE}" msg_info "Creating Splunk admin user" -SPLUNK_HOME="/opt/splunk" ADMIN_USER="admin" ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13) { 
@@ -66,17 +62,17 @@ ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13) echo "Password: $ADMIN_PASS" } >> ~/splunk.creds -cat > "${SPLUNK_HOME}/etc/system/local/user-seed.conf" << EOF +cat > "/opt/splunk/etc/system/local/user-seed.conf" << EOF [user_info] USERNAME = $ADMIN_USER PASSWORD = $ADMIN_PASS EOF msg_ok "Created Splunk admin user" -msg_info "Starting Splunk Enterprise" -$STD ${SPLUNK_HOME}/bin/splunk start --accept-license --answer-yes --no-prompt -$STD ${SPLUNK_HOME}/bin/splunk enable boot-start -msg_ok "Splunk Enterprise started" +msg_info "Starting Service" +$STD /opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt +$STD /opt/splunk/bin/splunk enable boot-start +msg_ok "Started Service" motd_ssh customize
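Review bot: `splunk start` and `splunk enable boot-start` are invoked as the installing user, presumably root inside the container, so splunkd and everything it launches (apps, scripted inputs) would run with root privileges. `enable boot-start` takes a `-user` argument; consider `$STD /opt/splunk/bin/splunk enable boot-start -user splunk` after `chown -R splunk:splunk /opt/splunk`, and doing the first start as that account as well. Whether the .deb creates a `splunk` account is not visible in this series and should be confirmed before relying on it.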