I set up a Splunk Docker container recently, and there were a couple of what feel like oddities catching me up.

  1. Default Debian doesn’t have world-readable log files.
  2. This is not for production. But it’s okay for my homelab.

Starting with this basic docker-compose file, we made sure it worked.

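```yaml
version: "3.6"

services:
  so1:
    # Falls back to splunk/splunk:latest when SPLUNK_IMAGE is not set
    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
    container_name: so1
    environment:
      - SPLUNK_START_ARGS=--accept-license
      # No value given here: taken from the environment Compose runs in
      - SPLUNK_PASSWORD
    ports:
      # Splunk Web
      - 8000:8000
```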
It’s simple and gets everything running without doing anything fancy. Let’s iterate on it, make it fancier, and match the style of the rest of my compose files.