This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 , 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13
This topic provides instructions for installing Splunk on Solaris systems.
Note: If you are upgrading, review the upgrade documentation later in this manual and check the migration documentation for any migation considerations before proceeding.
The Solaris build comes in two forms: a PKG file and a tarball.
The PKG installation package includes a request file that prompts you to answer a few questions before Splunk installs.
1. To install Splunk using a PKG file:
pkgadd -d ./splunk_product_name.pkg
A list of the available packages displays.
2. Select the packages you wish to process (the default is "all").
3. Next, the installer prompts you to specify a base installation directory.
To install into the default directory, /opt/splunk, leave this blank.
To upgrade an existing Splunk installation using a PKG file, use the same exact command line as you would for a fresh install.
pkgadd -d ./splunk_product_name.pkg
You will be prompted to overwrite any changed files, answer yes to every one.
To run the upgrade silently (and not have to answer yes for every file overwrite), type:
pkgadd -n -d ./splunk_product_name.pkg
To install Splunk on a Solaris system, expand the tarball into an appropriate directory. By default, Splunk installs into /opt/splunk/.
When installing with the tarball:
splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually.
Splunk package info:
pkginfo -l splunk
List all packages:
pkginfo
Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify. For more information, refer to the instructions on running Splunk as a non-root user.
Note: If you are installing on Solaris 10, refer to this page for additional information about configuring user privileges.
To start Splunk from the command line interface, run the following command:
$SPLUNK_HOME/bin/splunk start
By convention, this document uses:
$SPLUNK_HOME to identify the path to your Splunk installation.
$SPLUNK_HOME/bin/ to indicate the location of the command line interface.
The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:
$SPLUNK_HOME/bin/splunk start --accept-license
Note: There are two dashes before the accept-license option.
For more information, refer to Splunk startup options
If this is an upgrade to 3.2 or later, you have the option of reviewing changes to be made to your configuration files during migration. Refer to the upgrade instructions for more details.
After you start Splunk and accept the license agreement,
1. In a browser window, access Splunk Web at http://mysplunkhost:port, where:
mysplunkhost is the host machine.
port is the port you specified during the installation (8000).
2. If you are running Splunk with a Free license, Splunk Web launches without prompting you for login information. If you are running Splunk with an Enterprise license, Splunk Web prompts you for login information (default, username admin and password changeme) before it launches.
If you are performing a new installation of Splunk or switching from one license type to another, you must update your license.
Use your local package management commands to uninstall Splunk. In most cases, files that were not originally installed by the package are retained. These files include your configuration and index files which are under your installation directory.
pkgrm splunk
If you can't use package management commands, follow the instructions for manually uninstalling Splunk components.