This is a Dockerfile setup for Splunk - http://www.splunk.com
By default, the 60-day enterprise free trial is installed, but this can be changed to the free 500MB/day version at any time.
docker run -d -p 8000:8000 -p 8089:8089 -p 9997:9997 -p 514:514 -v /mnt/user/appdata/splunk:/opt/splunk/var --name splunk dmaxwell/splunk
Once the container is running, browse to:
http://<host>:8000 to complete the setup.
/opt/splunk/var - For the Splunk app data and configuration.
/data - For monitoring the local host. Can be mapped to /var/log for instance.
/license - For loading an enterprise license in the app.
All three volumes are optional, but to have a persistent install, you should map /opt/splunk/var.
Configurations like password, apps, and port monitoring settings are actually under /opt/etc so they don't survive updates to the docker container in unRAID. Tried setting up a mapping to appdata for the /opt/etc data copying through bash within the container, but Splunk's webui doesn't run with any added host path. Any ideas?
This container hasn't been updated in a while and doesn't work with the current version of unRAID (BTRFS support). Can we get an update to the latest Splunk?