intesa_splunk/compose.yaml


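# Compose stack with three services:
#   splunk    - Splunk Enterprise container (web UI, HEC, management API)
#   poller    - configured to connect to Splunk's management port and write
#               chunks to the shared "chunks" volume
#   agent-api - HTTP API that reads chunks from the same volume
#
# Secrets are taken from the environment (or the project's .env file).
# SPLUNK_PASSWORD and SPLUNK_HEC_TOKEN have no fallback value: a default
# admin password or HEC token committed in this file is known to anyone who
# can read the repository, and the Splunk ports below are published on the
# host. Compose aborts with the quoted message when either variable is unset
# or empty.
services:
  splunk:
    image: splunk/splunk:9.4.2
    container_name: splunk
    restart: unless-stopped
    # These mappings publish on all host interfaces. Prefix a mapping with
    # "127.0.0.1:" to restrict it to the local host.
    ports:
      - "8000:8000"  # Splunk Web
      - "8088:8088"  # HEC
      - "8089:8089"  # Management API
    environment:
      SPLUNK_START_ARGS: "--accept-license"
      SPLUNK_PASSWORD: "${SPLUNK_PASSWORD:?set SPLUNK_PASSWORD in the environment or .env}"
      SPLUNK_HEC_TOKEN: "${SPLUNK_HEC_TOKEN:?set SPLUNK_HEC_TOKEN in the environment or .env}"
    volumes:
      - splunk-etc:/opt/splunk/etc
      - splunk-var:/opt/splunk/var
    # Healthy once the management API answers with a body containing
    # "version". curl -k skips certificate verification; the probe only
    # talks to localhost inside the container.
    healthcheck:
      test:
        - CMD-SHELL
        - 'curl -sk https://localhost:8089/services/server/info | grep -q version'
      interval: 10s
      timeout: 5s
      retries: 30

  poller:
    build:
      context: .
      dockerfile: poller/Dockerfile
    container_name: splunk-poller
    restart: unless-stopped
    # Start only after the splunk healthcheck passes.
    depends_on:
      splunk:
        condition: service_healthy
    environment:
      # Splunk connection (to containerized Splunk)
      SPLUNK_HOST: splunk
      SPLUNK_PORT: "8089"
      SPLUNK_USER: admin
      # Same variable as the splunk service, so both sides always agree.
      SPLUNK_PW: "${SPLUNK_PASSWORD:?set SPLUNK_PASSWORD in the environment or .env}"
      # NOTE(review): certificate verification is off for the management API
      # connection, presumably because the container serves a self-signed
      # certificate. Tolerable on the private compose network only; enable
      # verification before pointing SPLUNK_HOST at anything else.
      SPLUNK_VERIFY_SSL: "false"
      # What to read
      SPLUNK_INDEX: intesa_payments
      SPLUNK_SOURCETYPE: "intesa:bonifico"
      INITIAL_LOOKBACK: "-24h@h"
      # Polling / chunking
      SLEEP_SECONDS: "60"
      MAX_CHUNK_BYTES: "1800000"
      CREATE_INDEX_IF_MISSING: "true"
      # Sink: file (local chunks volume). Switch to blob/blob+sb later.
      SINK: file
      OUTDIR: /app/out
      # Azure creds only if SINK=blob or blob+sb. Connection strings embed
      # account keys: supply them through the environment or .env, never as
      # literals in this file.
      AZURE_STORAGE_CONNECTION_STRING: "${AZURE_STORAGE_CONNECTION_STRING:-}"
      AZURE_STORAGE_CONTAINER: "${AZURE_STORAGE_CONTAINER:-bank-logs}"
      AZURE_SERVICEBUS_CONNECTION_STRING: "${AZURE_SERVICEBUS_CONNECTION_STRING:-}"
      AZURE_SERVICEBUS_QUEUE: "${AZURE_SERVICEBUS_QUEUE:-log-chunks}"
      AZURE_COMPRESS: "true"
    volumes:
      - chunks:/app/out

  agent-api:
    build:
      context: .
      dockerfile: api/Dockerfile
    container_name: agent-api
    restart: unless-stopped
    depends_on:
      - poller
    # NOTE(review): published on all host interfaces. Confirm the API
    # authenticates callers, or bind the mapping to 127.0.0.1.
    ports:
      - "8080:8080"
    # Load envs (Azure OpenAI & Mailtrap) from your local .env.
    # Keep .env out of version control.
    env_file:
      - .env
    environment:
      # Let the agent read chunks from the shared volume
      CHUNK_DIR: /app/out
      TOP_K: "12"
      # If you want the API to pull blobs directly, ensure these exist in .env or here:
      # AZURE_STORAGE_CONNECTION_STRING: ...
      # AZURE_STORAGE_CONTAINER: bank-logs
    volumes:
      - chunks:/app/out

# Named volumes: Splunk configuration and data, plus the chunk directory
# shared between poller and agent-api.
volumes:
  splunk-etc:
  splunk-var:
  chunks: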