Splunk Enterprise contains many settings that allow customers to tailor their Splunk environment. However, because not all settings apply to all customers, Splunk will only support the most common subset of all configurations. Throughout this document, the term “supported” means you can contact Splunk Support for assistance with issues.
At the current time, this image only supports the Docker runtime engine and requires the following system prerequisites:
splunk/splunkimage supports x86-64 chipsets
splunk/universalforwarderimage supports both x86-64 and s390x chipsets
overlay2Docker daemon storage driver
For more details, please see the official supported architectures and platforms for containerized Splunk environments as well as hardware and capacity recommendations.
If you intend for this containerized Splunk Enterprise deployment to be supported in your Enterprise Support Agreement, you must verify you meet all of the above “supported” requirements. Failure to do so will render your deployment in an “unsupported” state.
Splunk Support only provides support for the single instance Splunk Validated Architectures (S-Type), Universal Forwarders and Heavy Forwarders. For all other configurations, please contact Splunk Professional Services. Please contact them according to the instructions here.
If you have additional questions or need more support, you can:
In the following conditions, Splunk Support reserves the right to deem your installation unsupported and not provide assistance when issues arise:
In the event you fall into an unsupported state, you may find support on Splunk Answers, or through the open source communities found in this docker-splunk GitHub project or the related splunk-ansible GitHub project.