This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10
On Windows, Splunk starts by default at machine startup. On other platforms, you must configure this manually. To disable this, see the end of this topic.
Splunk provides a utility that updates your system boot configuration so that Splunk starts when the system boots up. This utility creates a suitable init script (or makes a similar configuration change, depending on your OS).
As root, run:
$SPLUNK_HOME/bin/splunk enable boot-start
If you don't start Splunk as root, you can pass in the -user parameter to specify which user to start Splunk as. For example, if Splunk runs as the user bob, then as root you would run:
$SPLUNK_HOME/bin/splunk enable boot-start -user bob
If you want to stop Splunk from running at system startup time, run:
$SPLUNK_HOME/bin/splunk disable boot-start
More information is available in $SPLUNK_HOME/etc/init.d/README and if you type help boot-start from the command line.
Splunk automatically creates a script and configuration file in the directory: /System/Library/StartupItems. This script is run at system start, and automatically stops Splunk at system shutdown.
Note: If you are using a Mac OS, you must have root level permissions (or use sudo). You need administrator access to use sudo..
Example:
Enable Splunk to start at system start up on Mac OS using:
just the CLI::
./splunk enable boot-start
the CLI with sudo:
sudo ./splunk enable boot-start
By default, Splunk starts automatically when you start your Windows machine. You can configure the Splunk processes (SplunkWeb and Splunkd) to start manually from the Windows Services manager.