
如果你使用 DeepSeek、元宝 AI、Copilot、ChatGPT 等 AI 工具,协助配置轩辕镜像、编写 docker pull 命令、修改 Docker Compose 镜像地址、配置镜像加速、排查镜像拉取失败、分析报错日志等问题,请先让 AI 阅读并遵守轩辕镜像的规则文档。
只需在 AI 对话中先发送下面这句话即可:
请先完整阅读并严格遵守以下文档中的全部规则与要求:
https://xuanyuan.cloud/agents.md
在未充分阅读并理解该文档前,不要生成任何命令、配置、修改建议、故障排查方案或技术回答。后续所有输出都必须严格以该文档中的规范为最高优先级执行。查看 agents.md 用法指南与完整示范。国内用户首推 元宝 AI、DeepSeek 的深度思考模式,不推荐豆包 AI;Cursor 等编辑器可在对话 @ 该链接,或加入 User Rules。 若 AI 无法访问外链,可 打开说明文档 复制全文粘贴。文档会随站点更新,复制内容可能过期,建议定期检查。
7.0.3,latest- Splunk Enterprise base image https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile6.5.3-monitor - Splunk Enterprise with Docker Monitoring https://github.com/splunk/docker-itmonitoring/blob/master/enterprise/DockerfileSplunk Enterprise is the platform for operational intelligence. The software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
This repository contains Dockerfiles that you can use to build https://splunk.com Docker images.
If you have not used Docker before, see the https://docs.docker.com/mac/started for Docker.
(Optional) Sign up for a Docker ID at [***]
Download and install Docker on your system.
Open a shell pro*** or Terminal window.
Enter the following command to pull the Splunk Enterprise version 7.0.3 image.
bashdocker pull splunk/splunk
Run the Docker image.
bashdocker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" splunk/splunk
Access the Splunk instance with a browser by using the Docker machine IP address and Splunk Web port. For example, ``http://localhost:8000%60
See How to use the Splunk Enterprise Docker image for additional example commands.
The following commands can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X).
CODE_TOKEN_2
CODE_TOKEN_3
This command starts a Splunk Enterprise instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine.
CODE_TOKEN_4
CODE_TOKEN_5
Note:
When using data volumes containers, docker will provision the image required volumes automatically under /var/lib/docker/volumes/...
Please, refer to the link for further information: https://docs.docker.com/engine/tutorials/dockervolumes/#locating-a-volume
CODE_TOKEN_6
You can execute commands in the container by typing in the following command, for example:
CODE_TOKEN_7
To learn about the commands you can use with entrypoint.sh, see https://docs.splunk.com/Documentation/Splunk/latest/Admin/CLIadmincommands in the Splunk documentation.
You can also use entrypoint.sh to configure Splunk services with environment variables. See Basic configuration with environment variables.
docker-compose.yml if it does not already exist.docker-compose.yml for editing.CODE_TOKEN_8
4. Save the file and close it.
5. Run the docker-compose utility in the same directory.
CODE_TOKEN_9
The splunk/splunk image comes in several variants:
splunk/splunk:7.0.3
This is the default Splunk Enterprise image.
splunk/splunk:6.5.3-monitor
This image comes with some data inputs activated (e.g., file monitor of docker host JSON logs, HTTP Event Collector, Syslog, etc.). It also includes the Docker app which has dashboards to help you analyze collected logs and docker information such as stats, events, tops, and inspect from your running images.
This Docker image has two data volumes:
/opt/splunk/etc - stores Splunk configurations, including applications and lookups/opt/splunk/var - stores indexed data, logs and internal Splunk dataAll Splunk processes by default runs as the splunk user. The user can be changed by setting the SPLUNK_USER env variable.
This Docker container exposes the following network ports:
8000/tcp - Splunk Web interface8088/tcp - HTTP Event Collector8088/tcp - Splunk Services8191/tcp - Application Key Value Store9997/tcp - Splunk receiving Port (not used by default) typically used by the Splunk Universal Forwarder1514/tcp - Network Input (not used by default) typically used to collect syslog TCP dataThis Docker image uses port 1514 instead of the standard port 514 for the syslog port because network ports below 1024 require root access. See http://docs.splunk.com/Documentation/Splunk/latest/Installation/RunSplunkasadifferentornon-rootuser.
When you use this Docker image, set a hostname for it. If you recreate the instance later, the image retains the hostname.
You can use environment variables for basic configuration of the indexer and forwarder. For more advanced configuration, create configuration files within the container or use a Splunk deployment server to deliver configurations to the instance.
SPLUNK_ENABLE_DEPLOY_SERVER='true' - Enables deployment server on Indexer.SPLUNK_DEPLOYMENT_SERVER='<servername>:<port> - http://docs.splunk.com/Documentation/Splunk/latest/Updating/Configuredeploymentclients.
Set deployment server url.
--env SPLUNK_DEPLOYMENT_SERVER='splunkdeploymentserver:8089'.SPLUNK_ENABLE_LISTEN=<port> - enable http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Enableareceiver.
SPLUNK_ENABLE_LISTEN_ARGS
environment variable.SPLUNK_FORWARD_SERVER=<servername>:<port> - http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Deployanixdfmanually
data to indexer.
SPLUNK_FORWARD_SERVER_ARGS
environment variable.SPLUNK_FORWARD_SERVER_<1..30>
and SPLUNK_FORWARD_SERVER_<1..30>_ARGS.--env SPLUNK_FORWARD_SERVER='splunkindexer:9997' --env SPLUNK_FORWARD_SERVER_ARGS='method clone' --env SPLUNK_FORWARD_SERVER_1='splunkindexer2:9997' --env SPLUNK_FORWARD_SERVER_1_ARGS='-method clone'.SPLUNK_ADD='<monitor|add> <what_to_monitor|what_to_add>' - execute add command,
for example to http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesanddirectoriesusingtheCLI
or http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports on specific ports.
SPLUNK_ADD_<1..30>.--env SPLUNK_ADD='udp 1514' --env SPLUNK_ADD_1='monitor /var/log/*'.SPLUNK_CMD='any splunk command' - execute any splunk command.
SPLUNK_CMD_<1..30>.--env SPLUNK_CMD='edit user admin -password random_password -role admin -auth admin:changeme'.Example
Following is an example of how to configure Splunk Enterprise and the Splunk universal forwarder in Docker.
CODE_TOKEN_10
After this script executes, you can forward syslog data to the udp port of container forwarder (for internal containers only, as Splunk does not publish the port). Data should arrive in Splunk Enterprise and you should see the forwarder registered with the deployment server.
If you do not see data when you load the Docker Overview app in the Docker app, confirm that:
The following mount points require special permissions:
/var/lib/docker/containers: By default, the Docker host only exposes read access to the root user. Read access to the volume could be changed for any users that start the Splunk process./var/run/docker.sock - Requires access to the https://docs.docker.com/engine/reference/api/docker_remote_api/ to collect information such as docker stats, tops, events, and inspect.Overriding the SPLUNK_USER envrionment variable to an authorized user (such as "root") gives you the required access to the mount points that the Docker app needs to analyze the collected Docker information.
If you use docker-compose (or reference an existing volume with docker run) to configure and run your Docker image and the Splunk Enterprise Docker container detects an upgrade after you make a change to docker-compose.yml, complete the following procedure to make the image ignore the upgrade prompt:
Open docker-compose.yml for editing.
In the Environment: section for the Splunk Enterprise image, add the following line:
CODE_TOKEN_11
Save docker-compose.yml and close it.
Run docker-compose up again.
If you still have trouble collecting or analyzing data with the Splunk Enterprise Docker image, use one of the following options:
您可以使用以下命令拉取该镜像。请将 <标签> 替换为具体的标签版本。如需查看所有可用标签版本,请访问 标签列表页面。
来自真实用户的反馈,见证轩辕镜像的优质服务