Splunk offers a 60-day Enterprise license for free. After that, you either have to switch back to the free version, pay, or reinstall Splunk entirely.
As a developer, I would certainly love to use the Enterprise license, but I can't afford to buy it. My only solution is to reinstall Splunk from scratch. But no: I would lose all my searches and have to set everything up again. I don't need the data ingestion, but I need to keep my searches and my settings. I'm looking for a simple solution to keep all my settings after I reset.
I see that Splunk offers a Docker version, so why not use it? You just need to re-create the container. I did some research, and I know there are some folders I can keep persistent after the reset.
I finally came up with this docker-compose.yml file:
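version: '3'
services:
    splunk:
        image: splunk/splunk:9.0
        hostname: "splunk"
        container_name: "splunk"
        restart: always
        networks:
            # this external network must be created before starting the container
            - lan-docker
        volumes:
            - ./data:/data
            # installed apps, including their saved searches and dashboards
            - ./data/etc.apps/apps:/opt/splunk/etc/apps
            # per-user settings and private searches
            - ./data/etc.users:/opt/splunk/etc/users
            # single-file mount: the host file must already exist as a file
            - ./data/etc.system/local/alert_actions.conf:/opt/splunk/etc/system/local/alert_actions.conf
        ports:
            # Splunk Web, published on the host's loopback interface only
            - "127.0.0.1:8001:8000"
        environment:
            TZ: "America/New_York"
            SPLUNK_START_ARGS: "--accept-license"
            # admin password, stored here in clear text
            SPLUNK_PASSWORD: "your-password-here"
networks:
    lan-docker:
        external: true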
I created this file, and whenever my license expires I just need to run it: run.sh
sudo docker stop splunk
sudo docker container rm splunk
echo "starting"
sudo docker-compose up -d
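A preflight for the first run, as an added example that is not part of the original post. It covers two things the compose file depends on: the host side of every bind mount (a missing host path for the single-file alert_actions.conf mount is created by Docker as a directory) and the lan-docker network. The function names are hypothetical; the paths and the network name are taken from the compose file above.

```shell
#!/bin/sh
# Added example: preflight checks for the docker-compose.yml shown above.
# Function names are hypothetical; paths and network name come from that file.

# Create the host side of every bind mount before Docker does.
# Docker creates a missing host path as a directory, so the single-file
# mount for alert_actions.conf would appear in the container as a directory.
prepare_mounts() {
    base=${1:-.}
    conf="$base/data/etc.system/local/alert_actions.conf"
    mkdir -p "$base/data/etc.apps/apps" \
             "$base/data/etc.users" \
             "$base/data/etc.system/local" || return 1
    if [ -d "$conf" ]; then
        # Left over from an earlier start without the file in place.
        echo "error: $conf is a directory, expected a file" >&2
        return 1
    fi
    # Create an empty config file only if none exists yet.
    [ -f "$conf" ] || : > "$conf"
}

# The compose file holds SPLUNK_PASSWORD in clear text: make it owner-only.
lock_compose_file() {
    f=${1:-docker-compose.yml}
    [ -f "$f" ] || { echo "error: $f not found" >&2; return 1; }
    chmod 600 "$f"
}

# Create the external network only if it does not exist yet.
ensure_network() {
    net=${1:-lan-docker}
    docker network inspect "$net" >/dev/null 2>&1 || docker network create "$net"
}
```

Source this file and call prepare_mounts ., lock_compose_file and ensure_network once before the first docker-compose up -d; all three are safe to repeat on later resets.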