This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6
To start Splunk:
On Windows
You can start Splunk on Windows using either the commandline, or the Windows Services Manager. Using the commandline offers more options, described later in this section. In a cmd window, go to C:\Program Files\Splunk\bin and type:
splunk start
(For Windows users: in the subsequent examples and information, replace $SPLUNK_HOME with C:\Program Files\ if you have installed Splunk in the default location.)
On UNIX Use the Splunk command line interface (CLI):
$SPLUNK_HOME/bin/splunk start
Splunk then displays the license agreement and prompts you to accept the before the startup sequence continues.
To automatically accept the license when you start Splunk for the first time, add the accept-license option to the start command:
$SPLUNK_HOME/bin/splunk start --accept-license
The startup sequence displays:
Checking prerequisites... Checking http port [8000]: open Checking mgmt port [8089]: open Verifying configuration. This may take a while... Finished verifying configuration. Checking index directory... Verifying databases... Verified databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sampledata, splunklogger, summary Checking index files All index checks passed. All preliminary checks passed. Starting splunkd... Starting splunkweb... Splunk Server started. The Splunk web interface is at http://<hostname>:8000 If you get stuck, we're here to help. Feel free to email us at 'support@splunk.com'.
Note: If the default ports are already in use (or are otherwise not available), Splunk will offer to use the next available port. You can either accept this option or specify a port for Splunk to use.
There are two other start options: no-prompt and answer-yes:
$SPLUNK_HOME/bin/splunk start --no-prompt, Splunk proceeds with startup until it requires you to answer a question. Then, it displays the question, why it is quitting, and quits.
SPLUNK_HOME/bin/splunk start --answer-yes, Splunk proceeds with startup and automatically answers "yes" to all yes/no questions. Splunk displays the question and answer as it continues.
If you run start with all three options in one line, for example:
$SPLUNK_HOME/bin/splunk start --answer-yes --no-prompt --accept-license
You can start and stop individual Splunk processes by adding the process as an object to the start command. The objects include:
splunkd, the Splunk server daemon.
splunkweb, Splunk's Web interface process.
watchdog, a keep-alive process that restarts splunkd if it shuts down. When it notices the splunkd pid no longer exists, it will try up to three times to restart splunkd. This option does not work on Windows. Instead, set recovery options in the Service Management console.
For example, to start only splunkd:
$SPLUNK_HOME/bin/splunk start splunkd
To disable splunkweb:
$SPLUNK_HOME/bin/splunk disable webserver
Or to start Splunk watchdog:
$SPLUNK_HOME/bin/splunk start watchdog
To shutdown watchdog, use the following command:
$SPLUNK_HOME/bin/splunk stop watchdog
For more information about start, refer to the CLI help page:
$SPLUNK_HOME/bin/splunk help start
Navigate to:
Use whatever host and port you chose during installation.
The first time you log in to Splunk Enterprise, the default login details are:
Username - admin.
Password - changeme.
Splunk Free does not have access controls.