Comments (6)
are you running multiple containers on the same host? If so, the session-key cookie will break as it's tracked by the url of the host.
from docker-splunk.
are you running multiple containers on the same host?
Yes.
Each container uses a different set of port numbers. For example, for Splunk Web:
http://myhost:18000/
http://myhost:28000/
If so, the session-key cookie will break as it's tracked by the url of the host.
Sorry, I don't know what you mean by "url of the host".
I understand the terms hostname, port, and URL.
From one of the example URLs I quoted above:
- The hostname is
myhost
- The port is
18000
- The Splunk Web URL is
http://myhost:18000/
. By definition, the URL includes the port.
In Google Chrome developer tools, I see this:
Are you saying that Splunk Web session tracking does not distinguish between URLs with the same hostname but different ports?
from docker-splunk.
your cookies are a little deceiving, the cookies you have are actually "session_id_8000, splunkd_8000" etc, they aren't segregated. To splunk internal to a container, the session_id was created for the port splunk_web think's it's running on. In your case, the issue is that splunk is being proxied to 18000, and the cookie stores the wrong port. Splunk supports running on any port, but this problem frequently happens when it's behind a LB or docker / proxy. Splunk has some internal SPL's open to address this issue, but until those are resolved, this issue will happen anytime you run multiple splunk on the same host.
. Sorry for the inconvenience this causes!
from docker-splunk.
Splunk has some internal SPL's open to address this issue, but until those are resolved, this issue will happen anytime you run multiple splunk on the same host.
Ouch! Thanks for the clarification, much appreciated.
I was wrong about this:
switching Splunk inside the containers to a Splunk Free license would make this issue go away.
because I've just experienced this issue with Splunk Free.
The bleeding obvious: this is a real gotcha for anyone using this Splunk Docker image. This behavior is Docker-unfriendly:
this issue will happen anytime you run multiple splunk on the same host.
from docker-splunk.
I'm not sure what to write about this restriction in the user documentation for my Docker image.
"Don't run more than one Splunk container on the same Docker host"?!
That sounds to me like a (bad) joke; completely contrary to the idea of Docker containers.
Any suggestions?
Would you consider adding a corresponding item to the Troubleshooting topic? (I'm imagining myself as a new user of my Docker image, reading about that restriction, and thinking, "Wait, that can't be true. What do the developers of the base Splunk Docker image have to say about this?")
from docker-splunk.
A local colleague has just looked at this issue, and suggested something I wish I'd thought of: when you start a Docker container, pass an environment variable that sets the Splunk Web port.
We looked at the table of supported environment variables under the documentation heading "Environment variables for Splunk instance", but that table did not list a corresponding environment variable.
We tried this anyway:
docker run -d -e SPLUNK_HTTP_PORT=8001 ... -p 8500:8001 ...
Yep, that worked. Browsing to http://myhost:8500
shows Splunk Web.
We opened a second tab in the same browser to another instance of Splunk Web on a different port of the same host, where the Splunk Web port inside the container was the default 8000.
We then looked at the site cookies in the browser:
cval
session_id_8000
session_id_8001
splunkd_8000
splunkd_8001
splunkweb_csrf_token_8000
splunkweb_csrf_token_8001
splunkweb_uid
Note: In case it's significant, both of these Splunk instances are using the Free license.
Only cval
and splunkweb_uid
are without port-specific qualifiers.
So far, so good: neither instance of Splunk Web has displayed the dreaded "Your session has expired" message. I'll report back here again if it happens.
Could you please update that table of environment variables to include SPLUNK_HTTP_PORT
.
With sincere thanks to my colleague (you know who you are 😉 ).
from docker-splunk.
Related Issues (20)
- Failed to install the app 'Splunk add on for linux'
- Splunk 9.1.3 has a regression on the `SPLUNKD_SSL_ENABLE` variable HOT 3
- create-default does not work because the six module is not found. HOT 1
- Clients can't connect to splunk ds 9.2 and 9.2.0.1 HOT 1
- Index creation using default.yml is no longer working in splunk images > 9.0.7.
- libcrypto.so error on initial password hashing HOT 10
- Splunk 9.1.3 Startup Errors HOT 1
- Please include eu-stack utility into the docker image to allow performance troubleshooting within an indexer cluster
- Can't start latest/9.0.9 version HOT 2
- Python 3.7 EOL
- Launching a Forwarder licensed heavy container fails in 9.0.9, 9.1.4, and 9.2.1
- Can't download files from github inside of docker container
- Best Practices for Docker files
- UF Crashes on Container Restart (9.2 and 9.1) HOT 1
- 9.2.1 as splunk_deployment_server doesn't start HOT 2
- 9.2.1/9.1.4 hec token not created when providing env var SPLUNK_HEC_TOKEN HOT 2
- Add support for Java 17
- Installing JDK 11 inside Splunk container
- Splunk UF - Warning: Attempting to revert the SPLUNK_HOME ownership causes troubles with Ansible play
- Splunkbase app not installed when using SPLUNK_APPS_URL
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-splunk.