Skip to content

michaelsayala/splunk-lm-docker-lab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
docs
docs
 
 
.env
.env
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.manual.yml
docker-compose.manual.yml
 
 
docker-compose.preconfigured.yml
docker-compose.preconfigured.yml
 
 

Repository files navigation

Splunk License Manager Lab (Docker)

Overview

This repository provides a Docker-based Splunk environment designed to demonstrate how a License Manager distributes licenses to other Splunk instances.

The lab demonstrates the following Splunk architectures:

  • License Manager Configuration
  • License Distribution
  • Search Head License Consumption

In this lab:

  • The License Manager manages Splunk licenses centrally.
  • The Search Head connects to the License Manager.
  • The difference between the two deployment modes affects how the License Manager and Search Head are configured.

This environment allows you to practice:

  • Configuring a License Manager
  • Installing and managing Splunk licenses
  • Connecting Splunk instances to a License Manager
  • Monitoring license usage and compliance

Architecture

flowchart TB

%% =========================
%% License Manager
%% =========================
LM["License Manager (lm1)"]

%% =========================
%% Search Head
%% =========================
SH["Search Head (sh1)"]

%% =========================
%% Relationships
%% =========================

SH --> LM
Loading
Component Hostname Web Port Management Port
License Manager lm1 8000 8089
Search Head sh1 8001 8090

All containers run on the external Docker network:

skynet

Prerequisites

1 Install Docker

Install Docker and Docker Compose.

https://docs.docker.com/get-docker/

2 Create Docker Network

Create the external network used by the lab.

docker network create skynet

3 Create .env File

Create a .env file in the project root.

Example:

SPLUNK_PASSWORD=YourStrongPassword

Deployment Modes

1 Base Environment (Manual Configuration)

This deployment starts all Splunk components, but the License Manager is not configured.

The Search Head is running but not yet connected to a License Manager.

Components started:

  • License Manager (lm1)
  • Search Head (sh1)

Allows you to manually practice:

  • Installing a Splunk license via Splunk Web or CLI
  • Configuring the License Manager role
  • Connecting the Search Head to the License Manager
  • Verifying license usage and status

Start environment:

docker-compose -f docker-compose.manual.yml up -d

2 Preconfigured License Manager Environment

This deployment automatically configures the environment during container startup:

  • Configures lm1 as the License Manager
  • Connects sh1 to the License Manager
  • Installs a license file

Start environment:

docker-compose -f docker-compose.preconfigured.yml up -d

The environment is fully configured and will automatically:

  • Distribute licenses from the License Manager
  • Allow the Search Head to consume the license
  • Enable monitoring of license usage and compliance

Required File

Place your Splunk license in the project root:

splunk.License

Repository Structure

.
├── .env
├── docker-compose.manual.yml
├── docker-compose.preconfigured.yml
├── README.md
├── docs/
│   ├── deployment-guide.md
│   ├── post-deployment-validation.md

About

Docker-based Splunk lab simulating a centralized License Manager with distributed clients for hands-on learning and architecture practice.

Topics

docker splunk cybersecurity splunk-enterprise license-manager siem-lab splunk-lab

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors