Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it possible to run splunk in docker container in windows ?

sarit_s
Communicator
‎05-07-2019 12:26 AM

Hello
is it possible to run splunk in docker container in windows ?
if yes, can someone link me to the installation guide ?

thanks

Labels (1)
Labels
0 Karma
Reply

dbjdbj
New Member
‎04-05-2022 02:02 AM

It is now 2022Q2 and I have the same question.

Judging by  https://github.com/splunk/docker-splunk/blob/develop/docs/SUPPORT.md

it is just Linux?

 

0 Karma
Reply

vikramyadav
Contributor
‎04-25-2020 03:31 AM

No, Currently docker image of Splunk does not support in windows. Till now it only supports the Linux bases operating system.
It clearly mention in the prerequisitealt text

pre.png
Preview file
23 KB
Reply

mattymo
Splunk Employee
Splunk Employee
‎05-13-2019 07:08 AM

Hi! Splunk doesn't currently produce a Windows based Splunk image.

https://splunk.github.io/docker-splunk/SUPPORT.html

That being said, if you can handle creating Windows based Dockerfiles, you can simply create your own image. I haven't seen any samples out there in my travels.

- MattyMo
0 Karma
Reply

koshyk
Super Champion
‎05-07-2019 12:42 AM

Yes, it does. One of our POC was done in Windows, but was not elaborate

  1. Install Docker and try out another container to see everything is working
  2. Download Splunk docker image from: https://hub.docker.com/r/splunk/splunk/
  3. Follow instructions in there. This is a very basic setup

For a more elaborated clustered setup, with ansible & docker compose, follow github repo https://github.com/getkub/ansible_docker_splunk . This is more complex though

0 Karma
Reply

sarit_s
Communicator
‎05-07-2019 02:09 AM

hi
thanks for your reply
i did all of this but im getting error :

ERROR: Couldn't read "/opt/splunk/etc/splunk-launch.conf" -- maybe $SPLUNK_HOME or $SPLUNK_ETC is set wrong?

0 Karma
Reply

koshyk
Super Champion
‎05-07-2019 04:26 AM

did you volume mount $SPLUNK_HOME/etc to another location?
which version of splunk (within docker) you are using?

There are few similar errors as per post: https://answers.splunk.com/answers/553373/couldnt-determine-splunk-home-perhaps-it-should-be.html

0 Karma
Reply

sarit_s
Communicator
‎05-07-2019 04:46 AM

hi
did not volume mount $SPLUNK_HOME
latest version of splunk

0 Karma
Reply

koshyk
Super Champion
‎05-07-2019 05:16 AM

in that case, you may need shell access to the splunk container.
1. Try creating a splunk-launch.conf within your windows system (eg: SPLUNK_HOME=/opt/splunk)
2. Do a docker copy from host to container
eg docker cp C:\somewhere\in_windows\splunk-launch.conf <containerId>:/opt/splunk/etc/splunk-launch.conf

Try running again

0 Karma
Reply

sarit_s
Communicator
‎05-07-2019 09:19 AM

how is that possible that in windows i will have path like /opt/splunk
it is a linux path

0 Karma
Reply

shincho
New Member
‎01-15-2020 08:36 PM

1.what hoshky said is put a splunk-launch.conf file into splunk's container
2."/opt/splunk" is the path in splunk's container, not path in windows OS
3.After done what hoshky said, I could access localhost:8000

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

Sooooooooooo, guess what. .conf25 is almost here, and if you're on the Security Learning Path, this is your ...

First Steps with Splunk SOAR

Our first step was to gather a list of the playbooks we wanted and to sort them by priority.  Once this list ...

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

If you’ve read our previous post on self-service observability, you already know what it is and why it ...
Top