Splunk and Docker…So Good Together

Vince Sesto
Splunk User Developer Administrator
3 min read · Jun 22, 2017

Not sure why it hasn’t come to mind previously, but Docker and Splunk work so well together. From creating apps to setting up a new environment, you can do it all with the Splunk-supported Docker image available from the Docker Hub.

If you're still not convinced, below are some more great reasons why you should try out Splunk on Docker.

If you're eager to get started with Docker, you can install it by following the link attached to this text.

Lightweight Footprint

Compared to a new Search Head Splunk instance, the Splunk Docker container images that are available are only edging 1Gb. Although this is large in the Docker world, it takes things down quite a bit compared with VMs or other virtualization.

Rapid Deployment

Even compared to a VM, Docker is quick. Download your image and you can have your service running in a matter of seconds.

Ease of Configuration

Basic configuration can be performed from the command line or from a Dockerfile, but it also can utilize your existing Puppet, Chef or Ansible configuration management system.

App Isolation

Your service or application will be running in isolation and hopefully in a replicated version of your production environment: from your laptop to your test environment and then hopefully on to production.

Perfect for Dev/Test/Prod

If you're looking for a way to make a consistent development, test and collaboration environment, Docker can help: you can publish your image to a central repository, making sure that everyone using the image is working from the same one.

It’s Just So Easy

Instead of just saying this, why not show you? If you have Docker installed on your host, all you need to do to get a running Splunk server is:

docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p 8000:8000 splunk/splunk

  • Pulls down the latest supported Splunk Docker image (splunk/splunk).
  • Uses -d to run the container in detached mode.
  • Uses the -e flag to set environment variables for our Splunk environment, including accepting the Splunk license and setting the Splunk user as root.
  • Finally, -p maps the container's port 8000 to your host's port 8000.

If your internet connection is working and all has gone well with your installation of Docker, you should be able to access a new install of Splunk in your web browser by entering the URL http://localhost:8000.
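Since the command above publishes port 8000 without a host address and sets the Splunk user to root, here is a small audit of those two settings, added as an example and not part of the original post. The function names and the loopback variant of the command are constructed for illustration; the script only inspects argument lists and never calls docker.

```shell
#!/bin/sh
# Added example, not from the original post. Handles the space-separated
# forms "-p SPEC" and "-e VAR=value" only.

# publish_scope SPEC -> host bind scope of a -p/--publish value.
# Docker forms: CPORT, HPORT:CPORT, IP:HPORT:CPORT, optional /proto suffix.
publish_scope() {
    spec=${1%/*}                                   # drop /tcp or /udp
    case "$spec" in
        \[*\]:*) ip=${spec#\[}; ip=${ip%%\]*} ;;   # [IPv6]:HPORT:CPORT
        *:*:*)   ip=${spec%%:*} ;;                 # IPv4:HPORT:CPORT
        *)       ip= ;;                            # no address given
    esac
    case "$ip" in
        ''|0.0.0.0|::) echo all-interfaces ;;      # dockerd default: 0.0.0.0
        127.*|::1)     echo loopback ;;
        *)             echo "address:$ip" ;;
    esac
}

# audit_run ARGS... -> one finding per line for a docker run argument list.
audit_run() {
    while [ $# -gt 0 ]; do
        if [ $# -ge 2 ]; then
            case "$1" in
                -p|--publish)
                    if [ "$(publish_scope "$2")" = all-interfaces ]; then
                        echo "EXPOSED: -p $2 listens on every host interface"
                    fi
                    shift ;;
                -e|--env)
                    if [ "$2" = SPLUNK_USER=root ]; then
                        echo "ROOT: $2 runs Splunk as root in the container"
                    fi
                    shift ;;
            esac
        fi
        shift
    done
}

echo "# command from the post:"
audit_run run -d -e "SPLUNK_START_ARGS=--accept-license" \
    -e "SPLUNK_USER=root" -p 8000:8000 splunk/splunk
echo "# constructed variant, Splunk Web bound to loopback only:"
audit_run run -d -e "SPLUNK_START_ARGS=--accept-license" \
    -e "SPLUNK_USER=root" -p 127.0.0.1:8000:8000 splunk/splunk
```

With the loopback binding, http://localhost:8000 still works from the host itself, but other machines on the network cannot reach the new Splunk instance.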

About The Author

Vince has worked with Splunk for over 5 years, developing apps and reporting applications around Splunk, and now works hard to advocate its success. He has worked as a system engineer in big data companies and development departments, where he has regularly supported, built, and developed with Splunk. He has now published his first book via Packt Publishing — Learning Splunk Web Framework.

Vincent Sesto is a DevOps Engineer, Endurance Athlete, Coach and Author. One of his passions in life is endurance sports, as an athlete, coach and author.