I have installled splunk/splunk:latest and exposed it on 8000 per the instructions
I can get to the GUI on localhost:8000 and retrieved a HEC token
when I try to validate the install using
curl -k https://localhost:8088/services/collector/event -H "Authorization: Splunk my-hec-token" -d '{"event": "hello world"}'
I get this ERROR
Failed to connect to localhost port 8088: Connection refused
Note: I am using the correct token
Looks like that exposes a number of ports, docker ps -a gives
8065/tcp, 8088-8089/tcp, 8191/tcp, 9887/tcp, 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 9997/tcp splunk
So I guess that means 8088 is automatically exposed?
the instructions on hub.docker.com say to expose 8000
docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=xxxxxxxxxx" --name splunk splunk/splunk:latest
Using this I can navigate to the GUI localhost:8000
Not sure about the default ports exposed during docker run but you can try by exposing manually
docker run -d -p 8000:8000 -8088:8088 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=xxxxxxxxxx" --name splunk splunk/splunk:latest
KV