Splunk and Docker…So Good Together
Not sure why it hasn’t come to mind previously, but Docker and Splunk work so well together. From creating apps to setting up a new environment, you can do it all with the Splunk supported Docker Image available from the Docker Hub.
If your still not convinced, below are some more great reasons why you should try out Splunk on Docker.
Lightweight Foot Print
Compared to a new Search Head Splunk instance, the Splunk Docker Containers Images that are available are only edging 1Gb. Although this is large in the Docker world, this takes things down quite a bit when you are using VM’s or other virtualization.
Rapid Deployment
Even compared to a VM, Docker is quick. Download your image and you can have you service running in a matter so seconds.
Ease of Configuration
Basic configuration can be performed from the command line or from a Dockerfile, but it also can utilize your existing Puppet, Chef or Ansible configuration management system.
App Isolation
Your service or application will be running in isolation and hopefully in a replicated version of your production environment. On your laptop to your test environment and then hopefully onto production.
Perfect for Dev/Test/Prod
If your looking for a way to make a consistent development, test and collaboration environment, Docker can help as you can publish your image to a central repository, making sure that everyone using the images will be using from the same.
It’s Just So Easy
Instead of just saying this, why not show you. If you have Docker installed on your host all you need to do to get a running Splunk server is:
docker run -d -e “SPLUNK_START_ARGS= — accept-license” -e “SPLUNK_USER=root” -p 8000:8000 splunk/splunk
- Pulls down the latest support Splunk Docker image(splunk/splunk).
- Uses -d to run the container in detached mode.
- Uses the -e flag to set environment variables for our Splunk environment including accepting the Splunk license, setting the Splunk user as root.
- Finally the -p maps the containers port 8000 to your hosts port 8000.
If you internet connection is working and all has gone well with your installation of Docker, you should be able to access a new install of Splunk in your web browser by entering the url http://localhost:8000.
Found this post useful? Kindly tap the ❤ button below! :)
About The Author