Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it possible to run splunk in docker container in windows ?

sarit_s
Communicator
‎05-07-2019 12:26 AM

Hello
is it possible to run splunk in docker container in windows ?
if yes, can someone link me to the installation guide ?

thanks

Labels (1)
Labels
0 Karma
Reply

dbjdbj
New Member
‎04-05-2022 02:02 AM

It is now 2022Q2 and I have the same question.

Judging by  https://github.com/splunk/docker-splunk/blob/develop/docs/SUPPORT.md

it is just Linux?

 

0 Karma
Reply

vikramyadav
Contributor
‎04-25-2020 03:31 AM

No, Currently docker image of Splunk does not support in windows. Till now it only supports the Linux bases operating system.
It clearly mention in the prerequisitealt text

pre.png
Preview file
23 KB
Reply

mattymo
Splunk Employee
Splunk Employee
‎05-13-2019 07:08 AM

Hi! Splunk doesn't currently produce a Windows based Splunk image.

https://splunk.github.io/docker-splunk/SUPPORT.html

That being said, if you can handle creating Windows based Dockerfiles, you can simply create your own image. I haven't seen any samples out there in my travels.

- MattyMo
0 Karma
Reply

koshyk
Super Champion
‎05-07-2019 12:42 AM

Yes, it does. One of our POC was done in Windows, but was not elaborate

  1. Install Docker and try out another container to see everything is working
  2. Download Splunk docker image from: https://hub.docker.com/r/splunk/splunk/
  3. Follow instructions in there. This is a very basic setup

For a more elaborated clustered setup, with ansible & docker compose, follow github repo https://github.com/getkub/ansible_docker_splunk . This is more complex though

0 Karma
Reply

sarit_s
Communicator
‎05-07-2019 02:09 AM

hi
thanks for your reply
i did all of this but im getting error :

ERROR: Couldn't read "/opt/splunk/etc/splunk-launch.conf" -- maybe $SPLUNK_HOME or $SPLUNK_ETC is set wrong?

0 Karma
Reply

koshyk
Super Champion
‎05-07-2019 04:26 AM

did you volume mount $SPLUNK_HOME/etc to another location?
which version of splunk (within docker) you are using?

There are few similar errors as per post: https://answers.splunk.com/answers/553373/couldnt-determine-splunk-home-perhaps-it-should-be.html

0 Karma
Reply

sarit_s
Communicator
‎05-07-2019 04:46 AM

hi
did not volume mount $SPLUNK_HOME
latest version of splunk

0 Karma
Reply

koshyk
Super Champion
‎05-07-2019 05:16 AM

in that case, you may need shell access to the splunk container.
1. Try creating a splunk-launch.conf within your windows system (eg: SPLUNK_HOME=/opt/splunk)
2. Do a docker copy from host to container
eg docker cp C:\somewhere\in_windows\splunk-launch.conf <containerId>:/opt/splunk/etc/splunk-launch.conf

Try running again

0 Karma
Reply

sarit_s
Communicator
‎05-07-2019 09:19 AM

how is that possible that in windows i will have path like /opt/splunk
it is a linux path

0 Karma
Reply

shincho
New Member
‎01-15-2020 08:36 PM

1.what hoshky said is put a splunk-launch.conf file into splunk's container
2."/opt/splunk" is the path in splunk's container, not path in windows OS
3.After done what hoshky said, I could access localhost:8000

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top