Start Splunk

This topic serves only as a brief instruction to starting Splunk. If you are new to Splunk, we recommending reviewing the User Manual first.

Before you start

Before starting Splunk, install the software. Refer to the Installation Manual for system requirements and step-by-step instructions. Make sure you install the correct version of Splunk and that you are installing on a supported filesystem.

Note: If you are upgrading or migrating to 3.2 from a 3.0 or later, refer to the upgrade instructions before continuing.

Start Splunk on non-Windows platforms

Splunk's command line interface is located in $SPLUNK_HOME/bin/. $SPLUNK_HOME refers to the path you installed under. Navigate to this location and run the following command:

# ./splunk start

You must accept Splunk's EULA the first time you start Splunk after a new installation. To bypass this step, start Splunk and accept the license in one step:

# ./splunk start --accept-license

NOTE: There are two dashes before the accept-license option.

Start Splunk on Windows

On Windows, Splunk is installed by default into \Program Files\Splunk

Start and stop the following Splunk processes via the Windows Services Manager:

Server daemon: splunkd
Web interface: splunkweb

You can also start, stop, and restart both processes at once by going to \Program Files\Splunk\bin and typing
# splunk.exe [start|stop|restart]

Load Splunk Web in your browser

Navigate to:

http://mysplunkhost:8000

Use whatever host and port you chose during installation.

The first time you login to Splunk with an Enterprise license, use username admin and password changeme. Splunk with a free license does not have access controls.

Previous: Overview of Splunk | Next: Administration basics

Comments

@dgiri101:

you can run Splunk's watchdog command to keep resurrect it. it's available at the command line as follows:
./splunk start watchdog

to turn it off:

./splunk stop watchdog
Posted by emma on Sep 12 2008, 5:36pm
How I can get Splunk running in the foreground (for use with daemontools/runit)? I don't want it to daemonize.
Posted by dgiri101 on Jun 04 2008, 3:48pm
Try this instead:
splunk start --answer-yes --no-prompt --accept-license:
- you will not be prompted for the license
- if splunk has any y/n questions, it will automatically assume yes (the q &
your response will still be printed)
- if there's a non-y/n question that splunk needs answered, it will print the
question, print why it's quitting, and quit.
Posted by m@ on Mar 14 2008, 4:54pm
/opt/splunk/bin/splunk start --accept-license --no-prompt

This appears to be an upgrade of Splunk.

--------------------------------------------------------------------------------

Splunk has detected an older version of Splunk installed on this machine. To
finish upgrading to the new version, Splunk's installer will automatically
update and alter your current configuration files. Deprecated configuration
files will be renamed with a .deprecated extension.

You can choose to preview the changes that will be made to your configuration
files before proceeding with the migration and upgrade:

If you want to migrate and upgrade without previewing the changes that will be
made to your existing configuration files, choose 'y'.
If you want to see what changes will be made before you proceed with the
upgrade, choose 'n'.

Perform migration and upgrade without previewing configuration changes? [y/n]

An error occurred: Exiting because user requested no prompting.
Posted by dmourati on Mar 14 2008, 3:56pm