Running Siren Investigate on Docker
Docker images for Siren Investigate are available from the sirensolutions organization on Dockerhub.
Pulling the Image
Obtaining Siren Investigate for Docker is as simple as issuing a docker pull command.
The Docker image for the latest Siren Investigate can be retrieved with the following command:
docker pull sirensolutions/siren-platform:latest
docker run -d -p 5606:5606 -p 9220:9220 sirensolutions/siren-platform:latest
Or for a specific version, for example 10.0.0:
docker pull sirensolutions/siren-platform:10.0.0
docker run -d -p 5606:5606 -p 9220:9220 sirensolutions/siren-platform:10.0.0
For an image pre-populated with demonstration data:
docker pull sirensolutions/siren-platform-demo-data:latest
docker run -d -p 5606:5606 -p 9220:9220 sirensolutions/siren-platform-demo-data:latest
Environment variable configuration
Under Docker, Siren Investigate can be configured using environment variables. When the container starts, a helper process checks the environment for variables that can be mapped to Siren Investigate command-line arguments.
For compatibility with container orchestration systems, these environment variables are written in all capitals, with underscores as word separators. The helper translates these names to valid Siren Investigate setting names.
Some example translations are shown here:
Environment Variable | Siren Investigate Setting
---|---
In general, any setting listed in Configuring Siren Investigate or X-Pack Settings can be configured with this technique.
These variables can be set with docker-compose like this:
services:
  investigate:
    # Siren Investigate image; use the tag that matches the version you run
    image: sirensolutions/siren-platform:10.0.0
    environment:
      SERVER_NAME: siren.example.org
      ELASTICSEARCH_URL: http://elasticsearch.example.org
Because environment variables are translated to CLI arguments, they take precedence over settings configured in investigate.yml.
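The following POSIX shell functions are an added illustration of the translation rule described above, not the helper process shipped inside the Siren image (whose code this page does not show). They apply the rule as stated, lowercase the name and turn underscores into dots, and render the result as a command-line argument, which is why such a value overrides investigate.yml. The variable names and values are the constructed samples from the docker-compose snippet; the names of the resulting settings are assumed to follow that rule and must be checked against the Siren Investigate configuration reference.

```shell
#!/bin/sh
# Added example, not code from the Siren Investigate image. It models the
# environment-variable-to-setting translation described in the text:
#   SERVER_NAME -> server.name, ELASTICSEARCH_URL -> elasticsearch.url.
# Only the naming transformation is shown; whether a given dotted name is a
# valid setting is defined by the configuration reference, not by this script.

# Translate an all-caps, underscore-separated variable name into a dotted
# setting name.
env_to_setting() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr '_' '.'
}

# Render one NAME/VALUE pair in the CLI argument form (--setting=value).
# CLI arguments are what gives these values precedence over investigate.yml.
env_to_cli_arg() {
    printf '%s=%s' "--$(env_to_setting "$1")" "$2"
}

# For each variable name given, emit one CLI argument per line if the
# variable is set in the current environment; unset names are skipped.
build_cli_args() {
    for name in "$@"; do
        value="$(printenv "$name")" || continue
        env_to_cli_arg "$name" "$value"
        printf '\n'
    done
}

# Constructed sample environment, matching the docker-compose snippet.
SERVER_NAME=siren.example.org
ELASTICSEARCH_URL=http://elasticsearch.example.org
export SERVER_NAME ELASTICSEARCH_URL

# Stand-alone run: print the arguments such a helper would append to the
# Siren Investigate command line. UNSET_EXAMPLE_VAR is deliberately unset.
build_cli_args SERVER_NAME ELASTICSEARCH_URL UNSET_EXAMPLE_VAR
```

Running the script prints `--server.name=siren.example.org` and `--elasticsearch.url=http://elasticsearch.example.org`; the unset name produces nothing, which is the behaviour you want so that an orchestrator's optional variables do not turn into empty settings.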
Docker defaults
The default settings when using the siren-investigate image (standalone Siren Investigate image) are:
Install Siren Investigate with ZIP package
Siren Investigate is provided for Linux and Windows as a .zip package. These packages are the easiest formats to use when trying out Siren Investigate.
The latest stable version of Siren Investigate can be found on the Siren Support Portal. Descriptions of the separate demonstration packages are also available there.
Download and install the Linux 64-bit package
After you have obtained your license, you should have access to the Siren Support Portal's download pages. The siren-investigate package can be downloaded from there, either by clicking the package link in the browser or by right-clicking the link, copying the link address, and using it as {investigate-link} in the commands below:
wget {investigate-link}.zip
sha1sum siren-investigate-10.0.0-linux-x86_64.zip    (1)
unzip siren-investigate-10.0.0-linux-x86_64.zip -d .
cd siren-investigate-10.0.0-linux-x86_64/    (2)
(1) Compare the SHA produced by sha1sum with the published SHA.
(2) This folder is known as $INVESTIGATE_HOME.
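Step (1) is the integrity check that should gate step (2): an archive whose digest does not match must not be unpacked. The shell functions below are an added example, not part of the Siren documentation, that make that ordering explicit. The expected digest is a placeholder to be replaced with the value published for your package; the sha1sum/shasum fallback and the sample file used for the check are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the Siren documentation: verify a downloaded
# archive against its expected SHA-1 before unpacking, so a corrupted or
# altered download is rejected instead of installed.

# Print the SHA-1 of a file, using sha1sum (coreutils) or shasum (macOS/perl).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 1 "$1" | cut -d ' ' -f 1
    fi
}

# Return 0 if the file's SHA-1 equals the expected hex digest, 1 otherwise.
# Hex digits are compared case-insensitively.
verify_sha1() {
    file="$1"
    expected="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')"
    actual="$(sha1_of "$file")"
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    printf 'checksum mismatch for %s: expected %s, got %s\n' \
        "$file" "$expected" "$actual" >&2
    return 1
}

# Verify first; unpack only on success. The third argument is the target
# directory (default: current directory). Usage with a placeholder digest:
#   verify_and_unpack siren-investigate-10.0.0-linux-x86_64.zip <PUBLISHED_SHA1> .
verify_and_unpack() {
    verify_sha1 "$1" "$2" || return 1
    unzip -q "$1" -d "${3:-.}"
}
```

Because verify_and_unpack returns non-zero on a mismatch, it can be used directly in a provisioning script under `set -e`: the script stops before `cd` into a folder that was never created.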
Running Siren Investigate from the command prompt
Siren Investigate can be started from the command prompt as follows:
./bin/investigate
By default, Siren Investigate runs in the foreground, prints its logs to the standard output (stdout), and can be stopped by pressing Ctrl+C.
Siren Investigate configuration
Siren Investigate loads its configuration from the $INVESTIGATE_HOME/config/investigate.yml file by default. The format of this configuration file is explained in Configuring Siren Investigate.
Folder layout of Linux ZIP archive
The .zip packages are entirely self-contained.
This is very convenient because you do not have to create any directories to start using Siren Investigate, and uninstalling is as easy as removing the folder. However, it is advisable to change the default locations of the configuration and data folders so that you do not remove important data later on.
Type | Description | Default Location | Setting
---|---|---|---
home | Siren Investigate home folder or $INVESTIGATE_HOME | Folder created by unpacking the archive; in demonstration distributions, the folder is | 
bin | Binary scripts including | | 
config | Configuration files including | | 
data | The location of the data files written to disk by Siren Investigate and its plugins | | 
optimize | Transpiled source code. Certain administrative actions, for example | | 
plugins | The location of the plugin files. Each plugin will be contained in a subfolder. | | 
Install Siren Investigate on Windows
Siren Investigate can be installed on Windows using the .zip package; zip packages can be downloaded from the download page. The demonstration versions contain a preconfigured Elasticsearch cluster in addition to Siren Investigate.
Running Siren Investigate from the command prompt
Siren Investigate can be started from the command prompt as follows:
.\bin\investigate.bat
By default, Siren Investigate runs in the foreground, prints its logs to STDOUT, and can be stopped by pressing Ctrl+C.
Siren Investigate configuration
Siren Investigate loads its configuration from the $INVESTIGATE_HOME/config/investigate.yml file by default. The format of this configuration file is explained in Configuring Siren Investigate.
Folder layout of Windows ZIP archive
The .zip package is entirely self-contained.
This is very convenient because you do not have to create any directories to start using Siren Investigate, and uninstalling Siren Investigate is as easy as removing the folder. However, it is advisable to change the default locations of the configuration and data folders so that you do not remove important data later on.
Type | Description | Default Location | Setting
---|---|---|---
home | Siren Investigate home folder or $INVESTIGATE_HOME | Folder created by unpacking the archive; in demonstration distributions, the folder is | 
bin | Binary scripts including | | 
config | Configuration files including | | 
data | The location of the data files written to disk by Siren Investigate and its plugins | | 
optimize | Transpiled source code. Certain administrative actions, for example | | 
plugins | The location of the plugin files. Each plugin will be contained in a subfolder. | | 