Making Splunk Enterprise accessible through Tailscale.
Working collaboratively on a one-off investigation with several log files? This setup lets you quickly spin up a disposable Splunk Enterprise server, upload log files to it, and share the instance with a member of your Tailnet.
- Debian-Based Linux Distribution (script tested primarily on Kali Linux and Amazon Linux).
- Tailscale Auth Key
- Optional: Tailscale account of the second user, if sharing with an external party.
Coming soon...
The setup utilises the Splunk Enterprise free tier, which comes with restrictions and limitations. Instructions for installing licenses are available through this link. Depending on your use case, you can also request a developer license.