Welcome to Splunk's official repository containing Dockerfiles for building Splunk Enterprise and Universal Forwarder images using containerization technology. This repository supports all Splunk roles and deployment topologies, and currently works on any Linux-based platform.
The provisioning of these disjoint containers is handled by the splunk-ansible project. Please refer to Ansible documentation for more details about Ansible concepts and how it works.
Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
Please refer to Splunk products for more knowledge about the features and capabilities of Splunk, and how you can bring it into your organization.
This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk and its other product offerings.
This repository should be used by people interested in running Splunk in their container orchestration environments. With this Docker image, we support running a standalone development Splunk instance as easily as running a full-fledged distributed production cluster, all while maintaining the best practices and recommended standards of operating Splunk at scale.
Use the following command to start a single standalone instance of Splunk Enterprise:
$ docker run -it -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:latest
Let's break down what this command does:
- Starts a Docker container interactively using the splunk/splunk:latest image.
- Exposes a port mapping from the host's 8000 to the container's 8000.
- Specifies a custom SPLUNK_PASSWORD. Be sure to replace <password> with any string that conforms to the Splunk Enterprise password requirements.
- Accepts the license agreement with SPLUNK_START_ARGS=--accept-license. This must be explicitly accepted on every splunk/splunk container, otherwise Splunk will not start.
After the container starts up successfully, you should be able to access SplunkWeb at http://localhost:8000 with admin:<password>.
For full usage instructions (including examples, advanced deployments, scenarios), please visit the docker-splunk documentation page.
Please use the GitHub issue tracker to submit bugs or request features.
If you have additional questions or need more support, you can:
- Post a question to Splunk Answers
- Join the #docker room in the Splunk Slack channel
- If you are a Splunk Enterprise customer with a valid support entitlement contract and have a Splunk-related question, you can also open a support case on the https://www.splunk.com/ support portal
For more detailed information on support, please see the official support guidelines.
We welcome feedback and contributions from the community! Please see our contribution guidelines for more information on how to get involved.
Copyright 2018-2019 Splunk.
Distributed under the terms of our license, splunk-ansible is free and open source software.
Splunk Inc. and the Splunk Community