Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk cluster in Docker / Kubernetes (Containerization)

splunkreal
Influencer
‎01-14-2026 06:50 AM

Hello, anyone had experience with containers for Splunk cluster? Does it fit SHC kvstore for instance or indexers? Any risk?

Thanks!

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply

Wander
Path Finder
‎01-15-2026 06:34 AM

Here's a couple of projects from Splunk's github page:

https://github.com/splunk/docker-splunk

https://github.com/splunk/splunk-operator

I'm working through this as well, so I don't have a review or either yet

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-14-2026 07:14 AM

There are several groups on Splunk Slack - #docker, #kubernetes and #splunk_operator_for_kubernetes (or something like this; easily findable). So you might get help there.

Generally - containerized Splunk to be "really functional" has to:

1) Externalize config and state

2) Expose ports

So if you can get those two elements done properly I don't see why shouldn't it work as SHC culster.

Having said that - I"m not an expert on containerized Splunk and I generally dislike containerized tools.

Reply

splunkreal
Influencer
‎01-14-2026 07:26 AM

Thanks @PickleRick  how would you externalize kvstore for instance?

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-14-2026 07:37 AM

As far as I remember, those containers mount stuff like $SPLUNK_HOME/etc and $SPLUNK_HOME/var/lib from outside. But into that you'd have to dig more yourself. My experience with dockerized Splunk is relatively limited (to let's spin up quickly some empty instance and check if it can do X or Y).

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...