git clone https://github.com/sonnyyu/docker-splunk-hec
cd docker-splunk-hec
Use mtls-cert-manage generate server/client/ca certificate
https://github.com/sonnyyu/mtls-cert-manage
cd ~/mtls-cert-manage/pki/splunkcerts
cp ca.crt server.pem ~/docker-splunk-hec/splunk/certs
sudo cp 192.168.1.204.pem 192.168.1.204.key ~/docker-splunk-hec/splunk/webcerts
docker-compose build
docker-compose up -d
docker-compose down
docker-compose down -v
curl -k https://192.168.1.204:8000
cd ~/docker-splunk-hec/splunk/certs
curl --cacert ca.crt https://192.168.1.204:8000
sudo apt-get install -y ca-certificates
cd ~/docker-splunk-hec/splunk/certs
sudo cp ca.crt /usr/local/share/ca-certificates
sudo update-ca-certificates
curl https://192.168.1.204:8000
https://192.168.1.204:8000
Testing splunk-hec allows curl to proceed and operate even for server connections otherwise considered insecure
curl -k "https://192.168.1.204:8088/services/collector" \
-H "Authorization: Splunk 3f066d2a-c871-4800-87fc-e6be5fa69f1b" \
-d '{"event": "Hello, world!", "sourcetype": "manual"}'
Testing splunk-hec by add the CA cert for your server to the existing default CA certificate store (CURL)
cd ~/docker-splunk-hec/splunk/certs
curl --cacert ca.crt "https://192.168.1.204:8088/services/collector" \
-H "Authorization: Splunk 3f066d2a-c871-4800-87fc-e6be5fa69f1b" \
-d '{"event": "Hello, world!", "sourcetype": "manual"}'
curl "https://192.168.1.204:8088/services/collector" \
-H "Authorization: Splunk 3f066d2a-c871-4800-87fc-e6be5fa69f1b" \
-d '{"event": "Hello, world!", "sourcetype": "manual"}'
sudo apt update
sudo apt install uuid-runtime
uuidgen
Output
4c061a62-deae-49da-bdbe-6a4aad67d5f9
nano ~/docker-splunk-hec/splunk/inputs.conf