How to install Splunk Enterprise in a Docker Container

Splunk is one of the most common options for externalizing and centralizing the logs of our Mule apps. In the next series of posts, we'll see how to externalize logs to Splunk. But before that, we'll see how to get our own Splunk Enterprise environment installed in a few easy steps.

Requirements

  • Check your firewall or security settings for your VM. Your VM needs to accept traffic on two ports. In this example, we'll use 8000 and 8088. More details later in this post.
  • If you don't have Docker installed on your OS, please install it. Follow this guide to learn how to install Docker on Ubuntu.

Running the container

  • First, we need to download the Splunk image:
     docker pull splunk/splunk:latest
  • Next, we'll run the container with the following options:
    • -d: to run the container detached
    • Splunk needs two ports to be reached on:
      • One for the web access console. Splunk uses port 8000 for SplunkWeb. In this example we'll map the same port on host and container, but if port 8000 is already in use on your host, you can map it to another host port, for example: -p 9000:8000
      • Another one for the HTTP Event Collector, where we'll be sending the logs of our Mule apps. In this example we'll use port 8088. These are the two ports for which you'll have to allow access in your firewall or security settings.
    • The image requires two more parameters specific to Splunk, SPLUNK_START_ARGS and SPLUNK_PASSWORD:
    docker run -d -p 8000:8000 -p 8088:8088 \
    -e SPLUNK_START_ARGS='--accept-license' \
    -e SPLUNK_PASSWORD='[your_password]' splunk/splunk:latest
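
A variant of the run command above, added as an example and not part of the original post: it reads the admin password from an owner-only env file instead of the command line, so it stays out of shell history and the process list, and it lets you choose which host interface publishes the two ports. The function names and the `ENV_FILE`, `BIND_ADDR`, `WEB_PORT` and `DOCKER` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: same image and ports as the post, password kept in an env file.
# Function names and the ENV_FILE, BIND_ADDR, WEB_PORT, DOCKER variables are assumptions.

# Generate a 32-character hex password from the kernel's random source.
new_password() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# write_env_file FILE PASSWORD
# Writes the two settings the image requires to a file only the owner can read.
# docker --env-file reads VAR=value lines literally, so no quoting is added.
write_env_file() {
    (
        umask 077       # new file is created with mode 600
        rm -f "$1"      # drop any older copy that had looser permissions
        printf '%s\n' \
            "SPLUNK_START_ARGS=--accept-license" \
            "SPLUNK_PASSWORD=$2" > "$1"
    )
}

# start_splunk ENV_FILE BIND_ADDR [WEB_PORT]
# BIND_ADDR is the host interface that publishes SplunkWeb (container port
# 8000) and the HTTP Event Collector (8088); 0.0.0.0 matches the post's command.
start_splunk() {
    ${DOCKER:-docker} run -d \
        -p "$2:${3:-8000}:8000" \
        -p "$2:8088:8088" \
        --env-file "$1" \
        splunk/splunk:latest
}

# Only touch Docker when the script is called with the argument "start".
if [ "${1:-}" = "start" ]; then
    env_file=${ENV_FILE:-./splunk.env}
    write_env_file "$env_file" "$(new_password)"
    start_splunk "$env_file" "${BIND_ADDR:-0.0.0.0}" "${WEB_PORT:-8000}"
    echo "admin password stored in $env_file"
fi
```

The password is still readable with `docker inspect` by anyone who can talk to the Docker daemon, so access to the Docker socket should be as restricted as access to the env file.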

Verify the Deployment

  • Check the container is running with:
     docker ps

  • Verify you can access the web console. Open a web browser and access SplunkWeb by typing http://[YOUR_HOSTNAME]:8000. Log in to Splunk Enterprise inside the container using the username admin and the password you set when you ran the Docker image.