Documentation: 3.2.2
This page last updated: 08/29/08 05:08pm

Windows installation

This topic provides detailed instructions for installing Splunk on Windows.
If you are upgrading Splunk for Windows, refer to the upgrade instructions.

Install Splunk

The Windows installer is an MSI file.

Important: Currently, you can only install the Splunk Windows version as an existing user. This user must be a member of the local administrator group. The 'Create user' option does not work correctly. This will be resolved in a near-term maintenance release.

1. To start the installer, double-click the splunk.msi file.
The Welcome panel is displayed.

2. To begin the installation, click Next.

Note: On each panel, you can click Next to continue, Back to go back a step, or Cancel to close the installer.

The licensing panel is displayed.

3. Read the licensing agreement and select "I accept the terms in the license agreement". Click Next to continue installing.
The Customer Information panel is displayed.

4. Enter the requested details and click Next.
The Destination Folder panel is displayed.

Note: Splunk is installed by default into \Program Files\Splunk.

5. Click Change... to specify a different location to install Splunk, or click Next to accept the default value.
The Logon Information panel is displayed.

Splunk installs and runs two Windows services, splunkd and splunkweb. These services will be installed and run as the user you specify on this panel. You can choose to run Splunk as the local system user, or as a user with additional credentials.
The user Splunk runs as must have permissions to:

  • Run as a service
  • Read whatever files you are configuring it to monitor
  • Write to Splunk's directory

Note: If you install as the local system user, some network resources may not be available to the Splunk application. Contact your systems administrator for advice if you are unsure what user to specify.

6. Select a user type and click Next.
If you specified the local system user, proceed to step 8. Otherwise, the Logon Information: specify a username and password panel is displayed.

7. Specify a username and password to install and run Splunk and click Next.

  • To create a new user for Splunk to use, click New User Information... and specify details.
  • To use an existing user, enter or browse for the username and domain details.

The pre-installation summary panel is displayed.

8. Click Install to proceed.
The installer runs and displays the Installation Complete panel.

9. Check the boxes to run Splunk and Splunk Web now. Select which Windows event logs you would like Splunk to index right away. Click Finish.
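
A post-install check of the three permission requirements listed for the Logon Information panel, as an added PowerShell example that is not part of the Splunk documentation. It assumes the default install path; $Monitored is a placeholder list of monitored paths and Get-GrantingAce is a helper name made up here.

```powershell
# Added example, not Splunk's own tooling. Run from an elevated PowerShell 3.0+ prompt.
$SplunkHome = Join-Path $env:ProgramFiles 'Splunk'   # default install location (assumption)
$Monitored  = @('C:\logs\app')                       # hypothetical: paths Splunk is set to monitor

# Access-mask bits. Get-Acl reports generic rights as raw numbers, so test for them too:
# 0x1 ReadData, 0x2 WriteData, 0x4 AppendData,
# 0x10000000 GENERIC_ALL, 0x40000000 GENERIC_WRITE, 0x80000000 GENERIC_READ.
$WriteMask = 0x6 -bor 0x10000000 -bor 0x40000000
$ReadMask  = 0x1 -bor 0x10000000 -bor 0x80000000

# List every Allow entry on $Path whose rights overlap $Mask.
function Get-GrantingAce {
    param([string]$Path, [int]$Mask)
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ([int]$_.FileSystemRights -band $Mask) } |
        Select-Object @{n='Path';e={$Path}}, IdentityReference, FileSystemRights, IsInherited
}

# 1. Which account does each service run as?
$report = foreach ($name in 'splunkd', 'splunkweb') {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Write-Warning "$name is not installed"; continue }
    [pscustomobject]@{
        Service = $svc.Name
        RunsAs  = $svc.StartName
        State   = $svc.State
        Note    = if ($svc.StartName -eq 'LocalSystem') {
                      'local system: some network resources may be unavailable'
                  } else {
                      'account needs the "Log on as a service" user right'
                  }
    }
}
$report | Format-Table -AutoSize

# 2. Who can write to Splunk's directory? The RunsAs account, or a group it belongs
#    to, must appear here (LocalSystem is shown as NT AUTHORITY\SYSTEM).
Get-GrantingAce $SplunkHome $WriteMask | Format-Table -AutoSize

# 3. Who can read each monitored path? Paths that do not exist are skipped.
$Monitored | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-GrantingAce $_ $ReadMask } | Format-Table -AutoSize
```

The ACL listings show identities as stored on the object, so group entries have to be matched against the service account's memberships by hand.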

Start Splunk

On Windows, Splunk is installed by default into \Program Files\Splunk.

You can start and stop the following Splunk processes via the Windows Services Manager:

  • Server daemon: splunkd
  • Web interface: splunkweb

You can also start, stop, and restart both processes at once by going to \Program Files\Splunk\bin and typing:

#  splunk.exe [start|stop|restart]

Note: If you chose not to index one or more of the Windows event logs by unchecking the box(es) at the end of the installation process, and want to begin indexing later, edit $SPLUNK_HOME/etc/bundles/local/inputs.conf as described in Configure inputs via inputs.conf.

Important: You must use two backslashes \\ to escape wildcards in stanza names in inputs.conf.

Install or upgrade license

If you are performing a new installation of Splunk or switching from one license type to another, you must update your license.

Uninstall Splunk

To uninstall Splunk, use the Add or Remove Programs option in the Control Panel.


Comments

  1. pheezy: apologies for the delay. this sounds like a question better suited for support. if you haven't already, i recommend you send an email to support@splunk.com. thank you.

  2. What options can you pass to the MSI, for instance to allow someone to install Splunk on multiple Windows servers at once via a group policy?
