Trying to run Splunk in a Docker container - which I can successfully get running.
Once I try to add a persistent volume for /splunkhome/var and /splunkhome/etc, the kvstore fails to start.
The persistent volume is being hosted on a NAS (Synology DiskStation) which is being mounted to my Linux host via SMB (CIFS) with the local admin of the NAS - so I should have full permissions to the share.
I've been able to observe the following error:
"homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem."
Are SMB file shares not supported by Splunk?
I can get past this error by adding "OPTIMISTIC_ABOUT_FILE_LOCKING = 1" to splunk-launch.conf,
but then I get stuck with kvstore failing to start. The kvstore logs indicate it's because the permissions are too open - even though I've changed them to 400.
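
A check for the symptom described in the post, added here as an example and not part of the original post: it reports the filesystem type behind a directory and tests whether a `chmod 400` is actually reflected by a following `stat`. On a CIFS mount the reported mode can be set by mount options such as `file_mode` and `dir_mode` rather than by `chmod`. The function names are hypothetical and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils stat.
# Function names are hypothetical.

# Print the filesystem type backing a path (for example ext2/ext3, cifs, nfs).
fs_type() {
    stat -f -c '%T' "$1"
}

# Create a scratch file in the directory, chmod it to the wanted mode, and
# compare with what stat reports afterwards.
# Returns 0 if the mode took effect, 1 if it did not, 2 if the probe file
# could not be created.
chmod_sticks() {
    dir=$1
    want=${2:-400}
    probe=$(mktemp "$dir/.permprobe.XXXXXX") || return 2
    chmod "$want" "$probe"
    got=$(stat -c '%a' "$probe")
    rm -f "$probe"
    [ "$got" = "$want" ]
}

# Human-readable report for one directory (e.g. the mounted volume path).
check_volume() {
    dir=$1
    echo "filesystem: $(fs_type "$dir")"
    if chmod_sticks "$dir" 400; then
        echo "chmod 400 is honoured on $dir"
    else
        echo "chmod 400 is NOT reflected on $dir (mode is likely set by the mount)"
        return 1
    fi
}

# Run against a directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_volume "$1"
fi
```

Run it once against a local directory and once against the directory backed by the SMB share to compare the two results.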