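# Splunk + poller + analyzer stack.
#
# Required in the shell environment or an (untracked) .env file:
#   SPLUNK_PASSWORD, SPLUNK_HEC_TOKEN
# Optional, only for SINK=blob / blob+sb:
#   AZURE_STORAGE_CONNECTION_STRING, AZURE_SERVICEBUS_CONNECTION_STRING
services:
  splunk:
    image: splunk/splunk:9.4.2
    container_name: splunk
    restart: unless-stopped
    # These ports are published on every host interface. The poller reaches
    # Splunk over the compose network (SPLUNK_HOST: splunk), so publishing is
    # only needed for host-side access; prefix with "127.0.0.1:" to keep the
    # Web UI, HEC and especially the management API off the LAN.
    ports:
      - "8000:8000"  # Splunk Web
      - "8088:8088"  # HEC
      - "8089:8089"  # Management API
    environment:
      SPLUNK_START_ARGS: "--accept-license"
      # ":?" makes compose abort with the message when the variable is unset,
      # instead of starting Splunk with an empty admin password / HEC token.
      SPLUNK_PASSWORD: ${SPLUNK_PASSWORD:?SPLUNK_PASSWORD must be set}
      SPLUNK_HEC_TOKEN: ${SPLUNK_HEC_TOKEN:?SPLUNK_HEC_TOKEN must be set}
    volumes:
      - splunk-etc:/opt/splunk/etc
      - splunk-var:/opt/splunk/var
    healthcheck:
      # -k: the management port uses the container's self-signed cert and the
      # request never leaves the container (localhost), so no verification.
      test: ["CMD-SHELL", "curl -sk https://localhost:8089/services/server/info | grep -q version"]
      interval: 10s
      timeout: 5s
      retries: 30

  poller:
    build:
      context: ./poller
    container_name: splunk-poller
    restart: unless-stopped
    depends_on:
      splunk:
        condition: service_healthy
    environment:
      # --- Splunk connection ---
      SPLUNK_HOST: splunk
      SPLUNK_PORT: "8089"
      # NOTE(review): admin is presumably needed because CREATE_INDEX_IF_MISSING
      # may create the index; if index creation is handled elsewhere, a
      # dedicated lower-privilege Splunk user is preferable — confirm.
      SPLUNK_USER: admin
      # Same variable as the splunk service; fails fast when unset.
      SPLUNK_PW: ${SPLUNK_PASSWORD:?SPLUNK_PASSWORD must be set}
      # Self-signed cert in the container; the poller only talks to it over
      # the compose network, never across an untrusted link.
      SPLUNK_VERIFY_SSL: "false"
      # --- What to read ---
      SPLUNK_INDEX: intesa_payments
      SPLUNK_SOURCETYPE: "intesa:bonifico"
      # Quoted: a leading "-" and "@" are YAML indicators; the value is passed
      # through to Splunk unchanged.
      INITIAL_LOOKBACK: "-24h@h"
      CREATE_INDEX_IF_MISSING: "true"
      # --- Polling / chunking ---
      SLEEP_SECONDS: "60"
      MAX_CHUNK_BYTES: "1800000"
      # --- Sink selection: file | blob | blob+sb ---
      SINK: file
      OUTDIR: /app/out
      CKPT_FILE: /app/out/.ckpt
      # --- Azure (only if using blob / blob+sb) ---
      # ":-" keeps these optional: they expand to "" when unset (SINK=file).
      AZURE_STORAGE_CONNECTION_STRING: ${AZURE_STORAGE_CONNECTION_STRING:-}
      AZURE_STORAGE_CONTAINER: bank-logs
      AZURE_SERVICEBUS_CONNECTION_STRING: ${AZURE_SERVICEBUS_CONNECTION_STRING:-}
      AZURE_SERVICEBUS_QUEUE: log-chunks
      AZURE_COMPRESS: "true"
    volumes:
      # Chunks and the checkpoint file are written here; shared with analyzer.
      - ./out:/app/out

  analyzer:
    build:
      context: ./analyzer
    container_name: analyzer
    restart: unless-stopped
    depends_on:
      - poller
    environment:
      CHUNK_DIR: /app/out
      REPORT_DIR: /app/reports
      WATCH_SECONDS: "60"
    volumes:
      - ./out:/app/out
      - ./reports:/app/reports

volumes:
  splunk-etc:
  splunk-var: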