This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6
The Mac OS build comes in two forms: a DMG package and a tarball. Below are instructions for the:
1. Double-click on the DMG file.
A Finder window containing splunk.pkg opens.
2. In the FInder window, double-click on splunk.pkg.
The Splunk installer opens and displays the Introduction, which lists version and copyright information.
3. Click Continue.
The Select a Destination window opens.
4. Choose a location to install Splunk.
/Applications/splunk, click on the harddrive icon.
5. Click Continue.
The pre-installation summary displays. If you need to make changes,
6. Click Install.
Your installation will begin. It may take a few minutes.
7. When your install completes, click Finish.
1. To mount the dmg:
hdid splunk_package_name.dmg
2. To Install
installer -pkg splunk.pkg -target /
installer -pkg splunk.pkg -target /Volumes\ Disk
-target specifies a target volume, such as another disk, where Splunk will be installed in /Applications/splunk.
To install into a directory other than /Applications/splunk on any volume, use the graphical installer as described above.
To install Splunk on a Mac OS, expand the tarball into an appropriate directory. The default install directory is /Applications/splunk.
When installing with the tarball:
splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually.
Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify.
To start Splunk from the command line interface, run the following command from $SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk):
./splunk start
By convention, this document uses:
$SPLUNK_HOME to identify the path to your Splunk installation.
$SPLUNK_HOME/bin/ to indicate the location of the command line interface.
The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:
$SPLUNK_HOME/bin/splunk start --accept-license
Note: There are two dashes before the accept-license option.
After you start Splunk and accept the license agreement,
1. In a browser window, access Splunk Web at http://<hostname>:port.
hostname is the host machine.
port is the port you specified during the installation (the default port is 8000).
2. Login to Splunk with username admin and password changeme.
Now that you've installed Splunk, what comes next?
If you are performing a new installation of Splunk or switching from one license type to another, you must install or update your license.
Use your local package management commands to uninstall Splunk. In most cases, files that were not originally installed by the package will be retained. These files include your configuration and index files which are under your installation directory.
You can also simply go to $SPLUNK_HOME/bin, type ./splunk stop on the commandline and then delete the $SPLUNK_HOME directory and everything under it.