Public | Automated Build

Last pushed: 2 years ago
Short Description
docker run gives you splunk!
Full Description

Full description is empty for this repo.

Docker Pull Command
Source Repository

Comments (3)
a year ago

@japearson thank you so much for this! spent hours trawling to work out why this wouldn't work - its NOT due to btrfs or xfs support, just permissions!

2 years ago

To work around the unusable filesystem issue you need to mount in a volume from the host for the /opt/splunk/var/lib
For example I started docker like this:
docker run -v /data/splunk-test:/opt/splunk/var/lib -p 8000:8000 -it alexanderm/docker-splunk bash

Beforehand I created the /data/splunk-test directory and did a chown 1000:1000 on it (which the the uid and guid of the splunk user inside docker)

Then splunk starts happily.

3 years ago

When I try to run splunk in docker it looks like splunk doesn't support aufs. Did you not have the following error?:

homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem.
Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at