• Read This First
  • Before you install
    • System Requirements
    • Installing as root
  • What Gets Installed
• Step by Step Installation
  • Step 1: Unpack the software
    • Tarball
    • RPM
    • deb
    • FreeBSD
    • Mac OS
    • Solaris
  • Step 2: Start Splunk
  • Step 3: Install your license
    • Using SplunkWeb
    • From the command line
• Install Splunk Toolbar
  • How to Install the Splunk toolbar for Firefox
    • Install from download page
    • Install from Splunk server
    • Uninstall Splunk toolbar
  • How to install the Splunk toolbar for Internet Explorer (beta)
    • Install Internet Explorer toolbar from download page
    • Install toolbar in Internet Explorer
    • Uninstall Internet Explorer toolbar
• Advanced Installation Topics
  • Automated installation
  • Configure Splunk to Start at System Startup
  • Run Splunk as a non-root user
    • Start Splunk as a non-root user
  • License Management
    • Installing or updating a license
  • Uninstall Splunk
    • RedHat Linux
    • Debian Linux
    • Solaris
    • FreeBSD
    • Manual uninstall
• Upgrade Instructions
  • Read this first before upgrading to 3.0.x
    • All bundles, all the time
    • Terminology changes
    • Event typer changes
    • What will be preserved on upgrade
    • Deployment server
    • License changes
  • Upgrading 2.1.x or 2.2.x to 3.0.x
    • Step 1: Administrative preparation
    • Step 2: Install the 3.0.x package and update your database
    • Step 3: Update and restore your configuration files
  • Upgrading to a later 3.0.x maintenance release
    • For rpm, pkg, and deb upgrades
    • For tar upgrades
• Help
  • Getting Help
    • Accessing help in SplunkWeb
    • Accessing help in the command line (CLI)
    • How can I learn more about Splunk's advanced features?
    • I lost my Splunk.com password. What do I do?
    • How do I report problems?
    • How can I make suggestions?
    • I have some questions that aren't answered here. Where can I get help?
  • Installer options
• Reference
  • File Manifest
  • PGP Public Key
    • Installing the key

Step 2: Start Splunk

1. Start the server

/opt/splunk/bin/splunk start

The first time you run a new installation, you will be prompted with a license agreement. You must accept the license terms to continue to use Splunk.

Splunk can run as any user on the local system. If you run Splunk as a non-root user you will need to ensure that Splunk has the appropriate permissions to read the inputs that you specify.

The first time you start splunk after a new installation, you will be presented with the license agreement and asked to accept the license. If you want to bypass these steps, you can start splunk and accept the license in one step:

 /opt/splunk/bin/splunk start --accept-license

Please note: there are two dashes before the accept-license option.

2. Load the Splunk GUI in your browser

http://mysplunkhost:8000
(or whatever host and port you installed)

(Use username "admin" and password "changeme" to login to your new Splunk installation for the first time.)

3. Set up one or more data inputs

The first time you browse a new installation, you will see a Guided Setup tool that helps you set up data inputs, licenses, and other configuration options. Alternately, you can configure data inputs from the command line. Below is a typical example.

/opt/splunk/bin/splunk add tail /var/log

Your Splunk Server should show indexed data on its home page immediately after you add a data input. As soon as you see a number greater than "0 events" listed on the server's home page, you're ready to start Splunking!