This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.0, 3.0.1, 3.0.2, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4
/opt/splunk/bin/splunk start
(or the path where you installed Splunk)
The first time you run a new installation, you will be prompted with a license agreement. You must accept the license terms to continue to use Splunk.
Splunk can run as any user on the local system. If you run Splunk as a non-root user, you must ensure that this user has the appropriate permissions to read the inputs that you specify.
The first time you start Splunk after a new installation, you are presented with the license agreement and asked to accept it. If you want to bypass these steps, you can start Splunk and accept the license in one step:
/opt/splunk/bin/splunk start --accept-license
Please note: there are two dashes before the accept-license option.
(or whatever host and port you installed)
(Use username "admin" and password "changeme" to log in to your new Splunk installation for the first time.)
The first time you browse a new installation, you will see a Guided Setup tool that helps you set up data inputs, licenses, and other configuration options. Alternatively, you can configure data inputs from the command line. Below is a typical example.
/opt/splunk/bin/splunk add tail /var/log
Your Splunk Server should show indexed data on its home page immediately after you add a data input. As soon as you see a number greater than "0 events" listed on the server's home page, you're ready to start Splunking!
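If Splunk runs as a non-root user, an input such as /var/log is only indexed where that user can read the files and traverse the directories. The following is an added example, not part of the Splunk documentation: a POSIX shell check to run as the account that runs Splunk. The function names, the script name check_inputs.sh and the account name "splunk" are assumptions.

```shell
#!/bin/sh
# Added example, not from the Splunk documentation.
# Run it as the account that runs Splunk (the name "splunk" is an assumption):
#   sudo -u splunk sh check_inputs.sh /var/log

# Print one line per path under the input that the current user cannot use.
unreadable_inputs() {
    input=$1
    if [ ! -e "$input" ]; then
        echo "missing: $input"
        return 0
    fi
    # find still lists a directory it cannot enter, so the directory itself
    # is reported; find's own "Permission denied" messages are discarded.
    find "$input" \( -type f -o -type d \) 2>/dev/null |
    while IFS= read -r path; do
        if [ -d "$path" ]; then
            # A directory needs both read (list) and execute (traverse).
            if [ ! -r "$path" ] || [ ! -x "$path" ]; then
                echo "cannot list: $path"
            fi
        elif [ ! -r "$path" ]; then
            echo "cannot read: $path"
        fi
    done
}

# Return 0 when every file and directory is readable, 1 otherwise.
check_inputs() {
    report=$(unreadable_inputs "$1")
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Run the check only when a path is given on the command line.
[ "$#" -eq 0 ] || check_inputs "$1"
```

Running the check as root proves nothing, because root can read files regardless of their mode bits.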