Topics

| pdf version

Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Change default Splunk server settings

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13

Change default Splunk server settings

After you start a new installation of Splunk, you may want to change a number of the default settings. This is a quick guide for using the CLI to change the admin default password, your Splunk server name, the Web and splunkd network ports, the datastore location, and the minimum free disk space.

Note: The following CLI commands assume you have set a Splunk environmental variable. If you have not, navigate to $SPLUNK_HOME/bin and run the ./splunk command.

Note: You can also make these changes while in Splunk Web.


Change the password

Splunk with a Free license does not require login authentication. However, Splunk with an Enterprise license does require authentication and ships with a default administrator account with username admin and password changeme.

To change the administrator password: 

# splunk edit user admin --password <new_password> -auth admin:changeme

This changes the admin user's password from changeme to <new_password>.

Note: The CLI command is # splunk edit user; however, you need to authenticate with the existing password before it can be changed.


Change Splunk server name

The Splunk server name is the identity of that particular instance. This name is displayed within Splunk Web and is sent to other Splunk servers in a distributed setting. The default name is taken from either the DNS or IP address of the Splunk server host.

To change the Splunk server name: 

# splunk set servername <new_servername>


Change network ports

Splunk uses two network ports that default to:

  • 8000: HTTP or HTTPS socket for Splunk Web.
  • 8089: Splunk management port.

Note: Splunk Web, the command line interface, and any distributed connections from other servers use the Splunk management port to communicate with the splunkd daemon.

To change the Splunk Web port: 

# splunk set web-port <port_number>

To change the Splunkd port: 

# splunk set splunkd-port <port_number>


Change datastore location

The datastore is the top-level directory where the Splunk server stores all indexed data, user information, and working files. If you turn off local indexing and only forward data in a distributed setup, this server still requires a few megabytes of available space in the datastore path.

Important: If you change this directory, the server does not migrate old datastore files. Instead, it starts over in the new location. To migrate your data to another directory, refer to the instructions in Move an index.

To change the datastore location: 

# splunk set datastore-dir <new_path>


Change minimum free disk space

The minimum free disk space defines a storage space limit before Splunk stops indexing. Splunk resumes indexing when more space becomes available. For more information on managing Splunk disk usage, see Disk usage.

To change the minimum free disk space: 

# splunk set minfreemb <numberMB>
Retrieved from "http://www.splunk.com/base/Documentation/3.4.3/User/ChangeDefaultSplunkServerSettings"
Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons

Copyright © 2005-2010 Splunk Inc. All rights reserved.