using docker ubuntu virtual machine with container - /opt/sc4s/env_file is passed in and i can see the variables but it has no effect #2614
Assignees
Comments
|
I just cant get it to start as the variables are not being picked up in the container |
|
the issue was the splunk_metadata.csv file i need to use a splunk prefix splunk_sc4s_fallback,index,sddc_internal |
Ok, I'm glad it's working now! I'm closing the issue in this case. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I saw nothing in the portal
Was the issue replicated by support?
no
What is the sc4s version ?
3.3 latest
Which operating system (including its version) are you using for hosting SC4S?
docker container in ubuntu vm
Which runtime (Docker, Podman, Docker Swarm, BYOE, MicroK8s) are you using for SC4S?
docker
Is there a pcap available? If so, would you prefer to attach it to this issue or send it to Splunk support?
Is the issue related to the environment of the customer or Software related issue?
Is it related to Data loss, please explain ?
Protocol? Hardware specs?
Last chance index/Fallback index?
Is the issue related to local customization?
Do we have all the default indexes created?
Describe the bug
I have setup the env_file and followed the documentation but the variables are not working -
here is the env_file i took out the details but the token works i will show curl command
root@ipz003-prod-splunk01:/opt/sc4s# cat env_file
SC4S_CONTAINER_HOST=
SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=
SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN=
SC4S_DEST_SPLUNK_HEC_DEFAULT_INDEX=sddc_internal
SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_VERIFY=yes
SC4S_DEST_SPLUNK_HEC_DEFAULT_DISKBUFF_ENABLE=yes
SC4S_DEBUG=true
/lib/systemd/system/sc4s.service
Run SC4S with the mapped variables
ExecStart=/usr/bin/docker run
-v splunk-sc4s-var:/var/lib/syslog-ng
-v /opt/sc4s/local:/etc/syslog-ng/conf.d/local
-v /opt/sc4s/archive:/var/lib/syslog-ng/archive
-v /opt/sc4s/tls:/etc/syslog-ng/tls
--env-file=/opt/sc4s/env_file
--network host
--name SC4S
--rm $SC4S_IMAGE
curl -k https://rb-itoa-splunk-idx29.rbesz01.com:3001/services/collector/event -H "Authorization: Splunk xxx-131967028fd5" -d '{"event": "Test event", "sourcetype": "nix:syslog", "index": "sddc_internal"}'
{"text":"Success","code"
Splunk dc864f86-9a3d-42be-8a09-131967028fd5" -d '{"event": "Test event", "sourcetype": "nix:syslog", "index": "sddc_internal"}'
{"text":"Success","code":0}root@ipz003-prod-splunk01:/opt/sc4s# docker logs -f SC4S
{"text":"Incorrect index","code":7,"invalid-event-number":1}
SC4S_ENV_CHECK_HEC: Invalid Splunk HEC URL, invalid token, or other HEC connectivity issue index=main. sourcetype=sc4s:fallback
Startup will continue to prevent data loss if this is a transient failure.
syslog-ng checking config
sc4s version=3.31.0
starting goss
starting syslog-ng
To Reproduce
Steps to reproduce the behavior:
I have tried variable attempts and the variables are in the container
root@ipz003-prod-splunk01:/opt/sc4s# docker exec -it SC4S env | grep SC4S
SC4S_CONTAINER_HOST=ipz003-prod-splunk01
SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=
SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN=
SC4S_DEST_SPLUNK_HEC_DEFAULT_INDEX=sddc_internal
SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_VERIFY=yes
SC4S_DEST_SPLUNK_HEC_DEFAULT_DISKBUFF_ENABLE=yes
SC4S_DEBUG=true
SC4S_CONTAINER_OPTS=--no-caps
but they are not being picked up
The text was updated successfully, but these errors were encountered: