I set up a Splunk Docker container recently, and a couple of what feel like oddities caught me up.
- Default Debian doesn’t have world-readable log files.
- This is not for production. But it’s okay for my homelab.
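Starting with this basic docker-compose file, we made sure it worked.

```yaml
version: "3.6"
services:
  so1:
    # Falls back to splunk/splunk:latest when SPLUNK_IMAGE is unset
    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
    container_name: so1
    environment:
      - SPLUNK_START_ARGS=--accept-license
      # No value given: passed through from the host environment
      - SPLUNK_PASSWORD
    ports:
      # Splunk Web
      - 8000:8000
```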
It’s simple and gets everything running without doing anything fancy. Let’s iterate on it to make it fancier and match the style of the rest of my compose files.