Welcome to the Splunk Docker GitHub repository
This is the official source code repository for building Docker images of Splunk Enterprise and the Splunk Universal Forwarder.
What is Splunk Enterprise?
Splunk Enterprise is the platform for operational intelligence. The software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
The Splunk Base Image:
base/debian-9 contains a Dockerfile to create a base image on top
of which all the other images are built. In order to minimize image size and provide
a stable foundation for other images to build on, we elected to use
debian:stretch-slim for our base image.
debian:stretch-slim gives us the latest version of the Linux
Debian operating system in a tiny 55 megabytes. In the future, we plan to add
support for additional operating systems.
The Splunk Enterprise Image:
splunk/debian-9 contains a Dockerfile that extends the base image
by installing Splunk, adding tools for provisioning, and preparing
the environment for it.
Advanced Splunk provisioning capabilities are provided through
an entrypoint script and playbooks published separately via the
Splunk Ansible Repository.
The Splunk Universal Forwarder Image:
This image is similar to the Splunk Enterprise Image, except the more light-weight Splunk Universal Forwarder package is installed instead.
Note that you will need to install Docker.
Run the following command to build all the images:
$> make all
For more fine-grained control of which images to build, please refer to the
Use the following command to start a single instance of Splunk Enterprise:
$> export SPLUNK_PASSWORD=<password>
$> docker run -it -p 8000:8000 -e 'SPLUNK_PASSWORD' -e 'SPLUNK_START_ARGS=--accept-license' splunk-debian-9:latest start
Replace "<password>" with the initial password that you wish to use for logging into the Splunk admin
user account. You can then access Splunk at http://localhost:8000 with those credentials.
Please note, the password supplied must conform to the default Splunk Enterprise password requirements.
Notice that the license agreement has to be explicitly accepted. Splunk will not start
unless you pass the argument --accept-license to every container.
Press Ctrl+C to stop the container.
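The start command above, wrapped so that the password is read at a prompt instead of being typed into an `export` line that lands in shell history. This is an added example, not part of the repository; the function names and the `DRY_RUN` switch are hypothetical, while the image tag, port and variables are the ones used above.

```shell
#!/bin/sh
# Added example (not from the splunk-docker repository).
# Hypothetical names: read_splunk_password, start_splunk, DRY_RUN.

# Take the password from the environment if it is already set; otherwise
# prompt for it with terminal echo switched off.
read_splunk_password() {
  if [ -z "${SPLUNK_PASSWORD:-}" ]; then
    printf 'Initial Splunk admin password: ' >&2
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r SPLUNK_PASSWORD || true
    if [ -t 0 ]; then stty echo; echo >&2; fi
  fi
  if [ -z "$SPLUNK_PASSWORD" ]; then
    echo 'SPLUNK_PASSWORD is empty; refusing to start' >&2
    return 1
  fi
  export SPLUNK_PASSWORD
}

start_splunk() {
  read_splunk_password || return 1
  # "-e SPLUNK_PASSWORD" names the variable only. docker copies the value
  # from this process's environment, so the password itself is never part
  # of the docker client's command line.
  set -- run -it -p 8000:8000 \
    -e SPLUNK_PASSWORD -e SPLUNK_START_ARGS=--accept-license \
    splunk-debian-9:latest start
  if [ -n "${DRY_RUN:-}" ]; then
    echo "docker $*"   # show the command without running it
  else
    docker "$@"
  fi
}

# Start the container only when asked to: sh start-splunk.sh --start
if [ "${1:-}" = "--start" ]; then
  start_splunk
fi
```

Setting `DRY_RUN=1` prints the docker command that would run, which is a quick way to confirm the password value is absent from it.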
For more detailed requirements, instructions and scenarios, please see SETUP
For information about more advanced deployments including search head and indexer clusters, please see ADVANCED
Get help and support
If you have questions or need support, you can:
- Post a question to Splunk Answers
- Join the #docker room in the Splunk Slack channel
- If you are a Splunk Enterprise customer with a valid support entitlement contract and have a Splunk-related question, you can also open a support case on the https://www.splunk.com/ support portal.
- For details on the supported architectures, please refer to the documentation http://docs.splunk.com/Documentation/Splunk/latest/Installation/Systemrequirements#Containerized_computing_platforms
Please also see TROUBLESHOOTING
Splunk Inc. and the Splunk Community