Step to reproduce
1. Install
version: '3.7'
services:
splunk:
image: splunk/splunk:latest
container_name: splunk
ports:
- "8000:8000"
- "9997:9997"
- "8088:8088"
environment:
- SPLUNK_START_ARGS=--accept-license
- SPLUNK_PASSWORD=Password1
volumes:
- splunk_data_var:/opt/splunk/var
- splunk_data_etc:/opt/splunk/etc
restart: unless-stopped
volumes:
splunk_data_var:
splunk_data_etc:
2. change admin pass from web ui
3. Restart splunk docker instance
The reason why this failed on after first run is that you have changed admin password to different that you have configured on your docker conf file. When it try to login into splunk via REST endpoint with user and password it cannot as it has old password. You could fix this by changing your current admin password into docker config file and run it again.
Hi Isoutamo,
thanks for reply,
I did not change anywhere just gui i changed password and did a restart from portainer for my docker, since testing it out in homelab enviroment,
I have documented a video and log, if u r interested I can share.
The reason why this failed on after first run is that you have changed admin password to different that you have configured on your docker conf file. When it try to login into splunk via REST endpoint with user and password it cannot as it has old password. You could fix this by changing your current admin password into docker config file and run it again.
thank you so much,