I am trying to use the Splunk SmartStore capability on a standalone Splunk installation running in a Docker container. I used the basic setup from Docker-Splunk on Github.io.
My setup:
Macbook
Docker for Mac Installed
Minio Objectstore running in container
Splunk container
The challenge: the Ansible script doesn't support SmartStore on a standalone Splunk installation (it does not create splunk/etc/system/local/indexes.conf). As a workaround, I mapped a local directory on my Mac to splunk/etc, so I am able to create an etc/system/local/indexes.conf file. There may be other options; for my testing this is good enough.
Minio Install:
docker pull minio/minio
docker run -p 9000:9000 minio/minio server /data
Minio user and password: I left the defaults for easy testing: minioadmin/minioadmin
Splunk Install:
I did all the steps as for a Splunk cluster with SmartStore (documentation), just to learn the steps; normally for a standalone installation you don't need to create a default.conf.
docker run --rm -it splunk/splunk:latest create-defaults > /tmp/defaults/default.yml
Create and run the container:
I mounted my local (Mac) /tmp/defaults on (container) /tmp/defaults with the volume option, and my local (Mac) /Users/splunketc on (container) /opt/splunk/etc, so that the container uses my local directories:
docker run -d -p 8000:8000 -e "SPLUNK_PASSWORD=Test7283" -e "SPLUNK_START_ARGS=--accept-license" -v /Users/splunketc:/opt/splunk/etc -v /tmp/defaults:/tmp/defaults -it splunk/splunk:latest
After the container is started and Splunk is up and running (to test, connect to localhost:9000), I stopped the container again.
docker stop splunkcontainerid
To find your Splunk container ID:
docker ps | grep splunk
Now I created a new indexes.conf on my Mac: /Users/splunketc/system/local/indexes.conf
smartstore:
  index:
    - indexName: default
      remoteName: remote_store
      scheme: s3
      remoteLocation: splunkstore
      s3:
        access_key: minioadmin
        secret_key: minioadmin
        endpoint: http://yourmacipadress:9000
Now I restarted the container :
docker start splunkcontainerid
If your container stops after starting, find it and look at the container logs to debug:
docker ps -a | grep splunk
docker logs splunkcontainerid
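The SmartStore settings from the indexes.conf step, written in the stanza syntax that indexes.conf itself uses, as an added example that is not part of the original post. The function name and the MINIO_ACCESS_KEY / MINIO_SECRET_KEY environment variables are assumptions of this example; it maps the post's remote_store, bucket and endpoint values onto a volume stanza and creates the file readable by its owner only.

```shell
#!/bin/sh
# Added example, not from the original post: write the SmartStore settings
# in indexes.conf stanza syntax into the bind-mounted etc directory.
# Assumptions: the function name and the MINIO_ACCESS_KEY / MINIO_SECRET_KEY
# environment variables are hypothetical; remote_store is the post's remoteName.

# usage: write_smartstore_conf <etc_dir> <bucket> <endpoint>
# The ( ) body runs in a subshell, so umask and variables stay local.
write_smartstore_conf() (
  etc_dir=$1 bucket=$2 endpoint=$3
  conf_dir="$etc_dir/system/local"
  conf="$conf_dir/indexes.conf"

  # Take credentials from the environment instead of hard-coding them.
  if [ -z "${MINIO_ACCESS_KEY:-}" ] || [ -z "${MINIO_SECRET_KEY:-}" ]; then
    echo "MINIO_ACCESS_KEY and MINIO_SECRET_KEY must be set" >&2
    exit 1
  fi
  # Never clobber an indexes.conf that already exists; merge it by hand.
  if [ -e "$conf" ]; then
    echo "$conf already exists, not overwriting" >&2
    exit 2
  fi

  mkdir -p "$conf_dir" || exit 3
  umask 077   # the file holds the S3 secret key: owner read/write only
  cat > "$conf" <<EOF
[volume:remote_store]
storageType = remote
path = s3://$bucket
remote.s3.access_key = $MINIO_ACCESS_KEY
remote.s3.secret_key = $MINIO_SECRET_KEY
remote.s3.endpoint = $endpoint

[default]
remotePath = volume:remote_store/\$_index_name
EOF
)
```

Call it while the container is stopped, with the host side of the etc mount as the first argument, the bucket name as the second and the Minio endpoint URL as the third.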