Public | Automated Build

Last pushed: a month ago
Short Description
splunk container based on phusion/baseimage and customized for unRAID.
Full Description

This is a Dockerfile setup for splunk -

By default, the 60-day enterprise free trial is installed, but this can be changed to the free 500MB/day version at any time.


docker run -d -p 8000:8000 -p 8089:8089 -p 9997:9997 -p 514:514 -v /mnt/user/appdata/splunk:/opt/splunk/var --name splunk dmaxwell/splunk

Once the container is running, browse to: http://<host>:8000 to complete the setup.


  • /opt/splunk/var For the splunk app data and configuration.
  • /data For monitoring the local host. Can be mapped to /var/log for instance.
  • /license For loading an enterprise license in the app.

All three volumes are optional, but to have a persistent install, you should map /opt/splunk/var.

Docker Pull Command
Source Repository

Comments (2)
6 months ago

Configurations like password, apps, and port monitoring settings are actually under /opt/etc so they don't survive updates to the docker container in unRAID. Tried setting up a mapping to appdata for the /opt/etc data copying through bash within the container, but Splunk's webui doesn't run with any added host path. Any ideas?

7 months ago

This container hasn't been updated in awhile and doesn't work with the current version of unRAID (BTRFS support). Can we get an update to the latest Splunk?