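# Compose stack: a Splunk instance, a poller that connects to Splunk's
# management port (8089), and an analyzer that shares the poller's output
# directory.
#
# Secrets (SPLUNK_PASSWORD, SPLUNK_HEC_TOKEN, the Azure connection strings) are
# interpolated from the shell or an .env file. Keep that file out of version
# control. Values passed through `environment:` are readable with
# `docker inspect`, so treat access to the Docker host as access to them.
services:
  splunk:
    # Pinned by tag only, and a tag can be re-pushed. For a reproducible image,
    # pin by digest: splunk/splunk:9.4.2@sha256:<DIGEST_PLACEHOLDER>
    image: splunk/splunk:9.4.2
    container_name: splunk
    restart: unless-stopped
    # NOTE(review): with no host IP these mappings publish on every host
    # interface. Prefix them with 127.0.0.1: (e.g. "127.0.0.1:8089:8089") when
    # only local access is needed. The poller reaches Splunk by service name
    # (SPLUNK_HOST: splunk), so it does not depend on the 8089 mapping.
    ports:
      - "8000:8000"  # Splunk Web
      - "8088:8088"  # HEC
      - "8089:8089"  # Management API
    environment:
      SPLUNK_START_ARGS: "--accept-license"
      # `:?` makes compose abort when the variable is unset or empty, instead
      # of substituting an empty string.
      SPLUNK_PASSWORD: "${SPLUNK_PASSWORD:?SPLUNK_PASSWORD must be set}"
      # Left optional: an unset variable is substituted as an empty string.
      SPLUNK_HEC_TOKEN: "${SPLUNK_HEC_TOKEN}"
    volumes:
      - splunk-etc:/opt/splunk/etc
      - splunk-var:/opt/splunk/var
    # Healthy once the management API answers; -k skips certificate
    # verification, which is confined to localhost inside the container.
    healthcheck:
      test: ["CMD-SHELL", "curl -sk https://localhost:8089/services/server/info | grep -q version"]
      interval: 10s
      timeout: 5s
      retries: 30

  poller:
    build:
      context: ./poller
    container_name: splunk-poller
    restart: unless-stopped
    # Wait for the Splunk healthcheck to pass before starting.
    depends_on:
      splunk:
        condition: service_healthy
    environment:
      # --- Splunk connection ---
      SPLUNK_HOST: splunk
      SPLUNK_PORT: "8089"
      # NOTE(review): the poller logs in as the admin account. A dedicated
      # account limited to what the poller needs would narrow the impact of a
      # leaked credential. CREATE_INDEX_IF_MISSING presumably needs
      # index-creation rights; confirm against the poller code.
      SPLUNK_USER: admin
      SPLUNK_PW: "${SPLUNK_PASSWORD:?SPLUNK_PASSWORD must be set}"
      # With verification off, the poller cannot authenticate the server it
      # sends these credentials to. Tolerable on the private compose network;
      # if SPLUNK_HOST ever points off-host, set this to "true" and trust the
      # server's CA instead.
      SPLUNK_VERIFY_SSL: "false"  # self-signed cert in container
      # --- What to read ---
      SPLUNK_INDEX: intesa_payments
      SPLUNK_SOURCETYPE: "intesa:bonifico"
      INITIAL_LOOKBACK: "-24h@h"
      CREATE_INDEX_IF_MISSING: "true"
      # --- Polling / chunking ---
      SLEEP_SECONDS: "60"
      MAX_CHUNK_BYTES: "1800000"
      # --- Sink selection: file | blob | blob+sb ---
      SINK: file
      OUTDIR: /app/out
      CKPT_FILE: /app/out/.ckpt
      # --- Azure (only if using blob / blob+sb) ---
      # `:-` defaults both connection strings to empty when unset.
      AZURE_STORAGE_CONNECTION_STRING: "${AZURE_STORAGE_CONNECTION_STRING:-}"
      AZURE_STORAGE_CONTAINER: bank-logs
      AZURE_SERVICEBUS_CONNECTION_STRING: "${AZURE_SERVICEBUS_CONNECTION_STRING:-}"
      AZURE_SERVICEBUS_QUEUE: log-chunks
      AZURE_COMPRESS: "true"
    # OUTDIR and CKPT_FILE resolve into this bind mount. With SINK: file the
    # poller's output presumably lands in ./out on the host, so restrict that
    # directory's permissions to match the sensitivity of the indexed data.
    volumes:
      - ./out:/app/out

  analyzer:
    build:
      context: ./analyzer
    container_name: analyzer
    restart: unless-stopped
    # Short form: orders start-up only, does not wait for the poller to be
    # healthy.
    depends_on:
      - poller
    environment:
      CHUNK_DIR: /app/out
      REPORT_DIR: /app/reports
      WATCH_SECONDS: "60"
    volumes:
      # NOTE(review): mounted read-write. If the analyzer only reads chunks,
      # append :ro - TODO confirm it never writes or deletes under /app/out.
      - ./out:/app/out
      - ./reports:/app/reports

volumes:
  splunk-etc: {}
  splunk-var: {}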