daniel.g/intesa_splunk_main
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
intesa_splunk_main/compose.yaml

104 lines
3.0 KiB
YAML
Raw Blame History

services:
splunk:
image: splunk/splunk:9.4.2
container_name: splunk
restart: unless-stopped
ports:
- "8000:8000" # Splunk Web
- "8088:8088" # HEC
- "8089:8089" # Management API
environment:
SPLUNK_START_ARGS: --accept-license
SPLUNK_PASSWORD: ${SPLUNK_PASSWORD:-Str0ngP@ss!9}
SPLUNK_HEC_TOKEN: ${SPLUNK_HEC_TOKEN:-dev-0123456789abcdef}
volumes:
- splunk-etc:/opt/splunk/etc
- splunk-var:/opt/splunk/var
healthcheck:
test: ["CMD-SHELL", "curl -sk https://localhost:8089/services/server/info | grep -q version"]
interval: 10s
timeout: 5s
retries: 30
poller:
build:
context: .
dockerfile: poller/Dockerfile
container_name: splunk-poller
restart: unless-stopped
depends_on:
splunk:
condition: service_healthy
environment:
# --- Splunk connection (to containerized Splunk) ---
SPLUNK_HOST: splunk
SPLUNK_PORT: "8089"
SPLUNK_USER: admin
SPLUNK_PW: ${SPLUNK_PASSWORD:-Str0ngP@ss!9}
SPLUNK_VERIFY_SSL: "false"
# --- What to read ---
SPLUNK_INDEX: intesa_payments
SPLUNK_SOURCETYPE: intesa:bonifico
INITIAL_LOOKBACK: -24h@h
CREATE_INDEX_IF_MISSING: "true"
# --- Polling / chunking ---
SLEEP_SECONDS: "60"
MAX_CHUNK_BYTES: "1800000"
# --- Sink selection: file (local) | blob (azure) | blob+queue (azure) ---
SINK: blob+queue
OUTDIR: /app/out
# --- Azure Storage (Blob + Queue) ---
AZURE_STORAGE_CONNECTION_STRING: ${AZURE_STORAGE_CONNECTION_STRING:-}
AZURE_STORAGE_CONTAINER: ${AZURE_STORAGE_CONTAINER:-bank-logs}
AZURE_STORAGE_QUEUE_NAME: ${AZURE_STORAGE_QUEUE_NAME:-log-chunks}
AZURE_COMPRESS: "true"
# --- Email default for enqueued messages ---
POLLER_EMAIL_SEND_DEFAULT: "true"
volumes:
- chunks:/app/out
agent-api:
build:
context: .
dockerfile: api/Dockerfile
container_name: agent-api
restart: unless-stopped
depends_on:
- poller
ports:
- "8080:8080"
env_file:
- .env # AOAI + Mailtrap, etc.
environment:
CHUNK_DIR: /app/out
TOP_K: "12"
# If the API should read blobs directly, ensure these also exist in .env:
# AZURE_STORAGE_CONNECTION_STRING=...
# AZURE_STORAGE_CONTAINER=bank-logs
volumes:
- chunks:/app/out
queue-worker:
build:
context: .
dockerfile: worker/Dockerfile
container_name: queue-worker
restart: unless-stopped
depends_on:
- agent-api
env_file:
- .env # to pick up AZURE_STORAGE_CONNECTION_STRING if you keep it here
environment:
AZURE_STORAGE_CONNECTION_STRING: ${AZURE_STORAGE_CONNECTION_STRING:-}
QUEUE_NAME: ${AZURE_STORAGE_QUEUE_NAME:-log-chunks}
ANALYZER_URL: http://agent-api:8080/analyze # inside compose network
POLL_INTERVAL_SEC: "60"
MAX_DEQUEUE: "1"
VISIBILITY_TIMEOUT: "120"
HTTP_TIMEOUT: "120"
volumes:
splunk-etc:
splunk-var:
chunks:
Reference in New Issue View Git Blame Copy Permalink