Simple script to start and seed a local splunk instances using Docker

splunk.sh

#!/usr/bin/env bash

# Simple script to start and seed a local splunk instances using Docker
# Usage:
# $ bash splunk.sh [USERNAME] [HEC TOKEN]

PASSWORD="$1"
TOKEN="$2"
test -z "$PASSWORD" && PASSWORD=password
test -z "$TOKEN" && TOKEN=token
if ! curl http://localhost:8000/en-US/account/login &>/dev/null; then

  cat << EOF > $(pwd)/default.yml
---
splunk:
  password: ${PASSWORD}
  hec:
    enable: True
    ssl: False
    port: 8088
    token: ${TOKEN}
EOF

  docker run --name splunk --rm -d \
    -p 8000:8000 -p 8089:8089 -p 8088:8088 \
    -e "SPLUNK_START_ARGS=--accept-license" \
    --mount type=bind,source="$(pwd)"/default.yml,target=/tmp/defaults/default.yml \
    --name splunk splunk/splunk:latest

  echo "------ "
  echo "== Waiting for Splunk to start, this might take a minute."
  while ! curl http://localhost:8000/en-US/account/login &>/dev/null; do
    printf "."
    sleep 1
  done
  echo " "
  echo "== Splunk started with"
else
  echo "== Splunk already running, assuming"
  if test -f default.yml; then
    PASSWORD="$(cat default.yml | grep "password:" | awk '{ print $NF }')"
    TOKEN="$(cat default.yml | grep "token:" | awk '{ print $NF }')"
  fi
fi

echo "--> PASSWORD: ${PASSWORD}"
echo "--> HEC TOKEN: ${TOKEN}"
echo " "
batch_id=$(date | md5)
echo "== Seeding Splunk events (id=$batch_id)..."
for n in `seq 1 100`; do
  sleep .25
  event="[`date`] id=$batch_id event=$n"
  if ( curl -s -S -k -H "Authorization: Splunk ${TOKEN}" \
    http://localhost:8088/services/collector/event \
    -d "{\"event\": \"${event}\"}" | grep Success ) &> /dev/null
  then
    printf "."
  else
    printf "x"
  fi
done
echo " "
echo "== Seeded batch 'id=${batch_id}'"
echo "---"
echo "Example query:"
echo " "
echo "search index=main sourcetype=httpevent id=${batch_id}"