Setting up a Splunk environment can eat a lot of your time. This repository aims to get a local playground environment up quickly. It needs internet access during the initial setup; after that, everything can run offline and disconnected. Five forwarders come built in to simulate multiple hosts and sources, so you can practise the queries found in references scattered around the internet, for example https://www.stationx.net/splunk-cheat-sheet/.
What it sets up:
- A Splunk Enterprise trial container (the trial licence lets you experiment with alerts)
- Five Splunk forwarder containers, each running a log generator script (the generator script is credited to Josh Samuelson, from the Learning Splunk course)

Requirements:
- Internet connection (for the initial setup only)
- Docker

Scripts:
- splunk.sh : sets up the environment by creating a bridge network for Splunk and five nodes running Splunk Forwarders
- cleanup.sh : removes all the containers and the network bridge
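As an added example of the layout the two scripts produce (this is not the repository's own splunk.sh or cleanup.sh), the following POSIX shell script creates the bridge network, the indexer and five forwarders with plain `docker` commands and tears them down again. The image names, the docker-splunk environment variables (SPLUNK_START_ARGS, SPLUNK_PASSWORD, SPLUNK_FORWARD_SERVER, SPLUNK_ADD), the `logs/<host>` mount and the `fwd-N` naming are assumptions made for this example.

```shell
#!/usr/bin/env sh
# Added example, not the repository's scripts. Image names, env vars and the
# log mount path are assumptions. Usage: ./playground.sh up | ./playground.sh down
set -eu

NET=splunk-net            # bridge network shared by indexer and forwarders
INDEXER=splunk            # container name, also the DNS name forwarders use
FWD_COUNT=5
ADMIN_PW="${SPLUNK_PASSWORD:-changeme-local-only}"   # playground only

forwarder_name() { printf 'fwd-%s\n' "$1"; }          # fwd-1 .. fwd-5

# Build (but do not run) the docker command for forwarder N so it can be
# inspected or tested without a Docker daemon. Each forwarder gets its own
# hostname, so the Splunk "host" field differs per node, and monitors a
# per-host directory that the log generator writes into.
forwarder_cmd() {
  name=$(forwarder_name "$1")
  printf 'docker run -d --name "%s" --hostname "%s" --network "%s" ' "$name" "$name" "$NET"
  printf -- '-v "%s/logs/%s:/var/log/playground:ro" ' "$PWD" "$name"
  printf -- '-e SPLUNK_START_ARGS=--accept-license -e "SPLUNK_PASSWORD=%s" ' "$ADMIN_PW"
  printf -- '-e "SPLUNK_FORWARD_SERVER=%s:9997" ' "$INDEXER"
  printf -- '-e "SPLUNK_ADD=monitor /var/log/playground" splunk/universalforwarder:latest\n'
}

up() {
  docker network create "$NET" >/dev/null 2>&1 || true
  # Web UI is published on loopback only; 9997 stays inside the bridge network.
  docker run -d --name "$INDEXER" --hostname "$INDEXER" --network "$NET" \
    -p 127.0.0.1:8000:8000 \
    -e SPLUNK_START_ARGS=--accept-license -e "SPLUNK_PASSWORD=$ADMIN_PW" \
    splunk/splunk:latest
  i=1
  while [ "$i" -le "$FWD_COUNT" ]; do
    mkdir -p "logs/$(forwarder_name "$i")"
    sh -c "$(forwarder_cmd "$i")"
    i=$((i + 1))
  done
}

down() {
  i=1
  while [ "$i" -le "$FWD_COUNT" ]; do
    docker rm -f "$(forwarder_name "$i")" >/dev/null 2>&1 || true
    i=$((i + 1))
  done
  docker rm -f "$INDEXER" >/dev/null 2>&1 || true
  docker network rm "$NET" >/dev/null 2>&1 || true
}

case "${1:-}" in up) up ;; down) down ;; esac
```

Point the generator at `logs/fwd-N/` on the host (or mount it into the container) and each node's events arrive with its own `host` value, which is what the scattered-source queries rely on.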