Splunk Setup
I set up a Splunk Docker container recently, and a couple of what feel like oddities tripped me up.
Default Debian doesn't have world-readable log files. This is not for production. But it's okay for my homelab. Starting with this basic docker-compose file, we made sure it worked.
```yaml
version: "3.6"
services:
  so1:
    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
    container_name: so1
    environment:
      - SPLUNK_START_ARGS=--accept-license
      # No value given: Compose passes SPLUNK_PASSWORD through from the host environment
      - SPLUNK_PASSWORD
    ports:
      # Splunk Web UI
      - 8000:8000
```

It's simple, gets everything running without doing anything fancy.