From de14cab71505240e290010870fdd9045761285a7 Mon Sep 17 00:00:00 2001
From: Robert Castley
Date: Mon, 19 Jan 2026 13:53:25 +0000
Subject: [PATCH] Update/splunk enterprise (#10949)

---
 ct/splunk-enterprise.sh | 4 ++--
 frontend/public/json/splunk-enterprise.json | 6 +++---
 install/splunk-enterprise-install.sh | 17 ++++++++++-------
 3 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/ct/splunk-enterprise.sh b/ct/splunk-enterprise.sh
index 2b9c62f6a..f6aff82f4 100644
--- a/ct/splunk-enterprise.sh
+++ b/ct/splunk-enterprise.sh
@@ -10,8 +10,8 @@ var_tags="${var_tags:-monitoring}"
 var_cpu="${var_cpu:-4}"
 var_ram="${var_ram:-8192}"
 var_disk="${var_disk:-40}"
-var_os="${var_os:-ubuntu}"
-var_version="${var_version:-24.04}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 
 header_info "$APP"
diff --git a/frontend/public/json/splunk-enterprise.json b/frontend/public/json/splunk-enterprise.json
index 73a81907d..304ff8377 100644
--- a/frontend/public/json/splunk-enterprise.json
+++ b/frontend/public/json/splunk-enterprise.json
@@ -12,7 +12,7 @@
 "documentation": "https://help.splunk.com",
 "config_path": "",
 "website": "https://www.splunk.com/en_us/download/splunk-enterprise.html",
-"logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/splunk.webp",
+"logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/splunk-light.webp",
 "description": "Platform for searching, monitoring, and analyzing machine-generated data at scale for operational intelligence and security.",
 "install_methods": [
 {
@@ -22,8 +22,8 @@
 "cpu": 4,
 "ram": 8192,
 "hdd": 40,
-"os": "Ubuntu",
-"version": "24.04"
+"os": "Debian",
+"version": "13"
 }
 }
 ],
diff --git a/install/splunk-enterprise-install.sh b/install/splunk-enterprise-install.sh
index ba0f4495d..3b854a23a 100644
--- a/install/splunk-enterprise-install.sh
+++ b/install/splunk-enterprise-install.sh
@@ -43,14 +43,17 @@ while true; do
 done
 
 msg_info "Setup Splunk Enterprise"
-DOWNLOAD_URL=$(curl -s "https://www.splunk.com/en_us/download/splunk-enterprise.html" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "\.deb$")
+DOWNLOAD_URL=$(curl -s "https://www.splunk.com/en_us/download/splunk-enterprise.html" | grep -o 'data-link="[^"]*' | sed 's/data-link="//' | grep "https.*products/splunk/releases" | grep "linux-amd64\.tgz$")
 RELEASE=$(echo "$DOWNLOAD_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|')
-$STD curl -fsSL -o "splunk-enterprise.deb" "$DOWNLOAD_URL" || {
+$STD curl -fsSL -o "splunk-enterprise.tgz" "$DOWNLOAD_URL" || {
 msg_error "Failed to download Splunk Enterprise from the provided link."
 exit 1
 }
-$STD dpkg -i "splunk-enterprise.deb"
-rm -f "splunk-enterprise.deb"
+$STD tar -xzf "splunk-enterprise.tgz" -C /opt
+rm -f "splunk-enterprise.tgz"
+addgroup --system splunk
+adduser --system --home /opt/splunk --shell /bin/bash --ingroup splunk --no-create-home splunk
+chown -R splunk:splunk /opt/splunk
 msg_ok "Setup Splunk Enterprise v${RELEASE}"
 
 msg_info "Creating Splunk admin user"
@@ -62,7 +65,7 @@ ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 echo "Password: $ADMIN_PASS"
 } >> ~/splunk.creds
 
-cat > "/opt/splunk/etc/system/local/user-seed.conf" << EOF
+cat << EOF > "/opt/splunk/etc/system/local/user-seed.conf"
 [user_info]
 USERNAME = $ADMIN_USER
 PASSWORD = $ADMIN_PASS
@@ -70,8 +73,8 @@ EOF
 msg_ok "Created Splunk admin user"
 
 msg_info "Starting Service"
-$STD /opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt
-$STD /opt/splunk/bin/splunk enable boot-start
+$STD sudo -u splunk /opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt
+$STD /opt/splunk/bin/splunk enable boot-start -user splunk
 msg_ok "Started Service"
 
 motd_ssh
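Review bot: The tarball is unpacked into /opt as root with no integrity check, and its URL is scraped from an HTML page with `curl -s`, so an empty or multi-line `DOWNLOAD_URL` is only caught indirectly when the later download fails. Validate the scraped value before use and compare the archive against a published SHA-512 before `tar -xzf`; the sketch below assumes Splunk serves a `.sha512` file next to the artifact, and that URL form should be confirmed. A same-origin checksum only catches truncation or corruption, so a pinned digest or signature check would be stronger where one is available. The `addgroup`/`adduser` lines also lack the `$STD` prefix used on the neighbouring commands.

```shell
# … unchanged: DOWNLOAD_URL scrape pipeline, with `| head -n1` appended …
if [[ "$DOWNLOAD_URL" != https://*linux-amd64.tgz ]]; then
  msg_error "Could not determine the Splunk Enterprise download URL."
  exit 1
fi
# … unchanged: RELEASE extraction and tarball download …
# Assumes a "<url>.sha512" companion whose last field is the digest; confirm.
EXPECTED_SHA512=$(curl -fsSL "${DOWNLOAD_URL}.sha512" | awk '{print $NF}')
ACTUAL_SHA512=$(sha512sum "splunk-enterprise.tgz" | awk '{print $1}')
if [[ -z "$EXPECTED_SHA512" || "$EXPECTED_SHA512" != "$ACTUAL_SHA512" ]]; then
  msg_error "Checksum mismatch for splunk-enterprise.tgz."
  rm -f "splunk-enterprise.tgz"
  exit 1
fi
$STD tar -xzf "splunk-enterprise.tgz" -C /opt
```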
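Review bot: `user-seed.conf` is written by root after the `chown -R splunk:splunk /opt/splunk` added in the previous hunk, so the file holding the plaintext admin password stays root-owned with whatever mode the default umask gives it, likely world-readable. Follow the heredoc with `chown splunk:splunk /opt/splunk/etc/system/local/user-seed.conf` and `chmod 600` on the same path, or create the file under `umask 077`. The heredoc body and its closing `EOF` continue outside this hunk.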
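Review bot: The first start under `sudo -u splunk` depends on `sudo` being present in the Debian 13 container, and nothing in the visible hunks installs it. If the base image does not guarantee it, `runuser -u splunk -- /opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt` avoids the dependency. A short comment would also help the next maintainer, e.g. `# First start runs as the service account so files created under /opt/splunk are not root-owned; enable boot-start still needs root.`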