Getting Started with Splunk on Docker

To spin up Splunk in a Docker container, run the command below.

docker run -d --name splunk \
-e SPLUNK_START_ARGS=--accept-license \
-e SPLUNK_PASSWORD=secret123 \
-p 8000:8000 -p 8089:8089 splunk/splunk

Wait for the container status to become healthy. You can check this with the docker ps command.

Once the container status is healthy, you can access Splunk at the address below:

http://localhost:8000

If you are using a Mac, use your docker-machine IP instead of localhost.

You’ll see a login page similar to the one shown below.

Log in using the credentials below:

username: admin
password: secret123

Let's generate a Basic Trend widget

For this widget, we can simply apply timechart with a span of 10 minutes on the index _internal.

You’ll see a count widget similar to the one shown below.
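
The steps above as one script, added here as an example and not part of the original post: it passes the admin password through from the environment instead of typing it into the command, publishes both ports on 127.0.0.1 only, waits for the health check, and runs the 10-minute timechart through splunkd's REST export endpoint on port 8089. It assumes Docker runs on the local machine (no docker-machine VM); the function names and the `up` argument are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not the original author's code. Function names are hypothetical.
NAME=splunk   # container name used in the tutorial

start_splunk() {
  # SPLUNK_PASSWORD must already be exported. "-e SPLUNK_PASSWORD" with no value
  # passes it through, so the secret never appears in the command line or history.
  : "${SPLUNK_PASSWORD:?export SPLUNK_PASSWORD first}"
  # Bind the web UI (8000) and management port (8089) to loopback only.
  docker run -d --name "$NAME" \
    -e SPLUNK_START_ARGS=--accept-license \
    -e SPLUNK_PASSWORD \
    -p 127.0.0.1:8000:8000 -p 127.0.0.1:8089:8089 splunk/splunk
}

# Poll the container's health status (the value docker ps shows in STATUS).
# Usage: wait_healthy [tries] [delay_seconds]; returns 0 once healthy.
wait_healthy() {
  local tries=${1:-60} delay=${2:-5} status
  while [ "$tries" -gt 0 ]; do
    status=$(docker inspect --format '{{.State.Health.Status}}' "$NAME" 2>/dev/null)
    case "$status" in
      healthy)   return 0 ;;
      unhealthy) echo "container reported unhealthy" >&2; return 1 ;;
    esac
    tries=$((tries - 1))
    sleep "$delay"
  done
  echo "timed out waiting for $NAME" >&2
  return 1
}

# Run the Basic Trend search and print the result as CSV.
trend_search() {
  # splunkd serves 8089 over TLS with a self-signed certificate by default, hence -k.
  curl -sk -u "admin:${SPLUNK_PASSWORD}" \
    https://localhost:8089/services/search/jobs/export \
    --data-urlencode 'search=search index=_internal | timechart span=10m count' \
    -d output_mode=csv
}

# Only act when called as: ./splunk-up.sh up
if [ "${1:-}" = "up" ]; then
  start_splunk && wait_healthy && trend_search
fi
```

The same search string without the leading `search` keyword (`index=_internal | timechart span=10m count`) is what goes into the search bar in the web UI.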