Documentation: 3.2.3
Print Version Contents
This page last updated: 07/01/08 10:07am

Linux installation

This topic will guide you through installing or upgrading Splunk on the Linux platform.
Note: If you are upgrading, review the upgrade documentation later in this manual and check the migration documentation for any migation considerations before proceeding.

Install Splunk

The Linux build comes in three forms: RPM, DEB, and tarball.

RedHat, RPM install

To upgrade an existing Splunk installation using the RPM:

rpm -U splunk_package_name.rpm

To install the Splunk RPM from scratch:

rpm -i splunk_package_name.rpm

Note: These commands install Splunk into the default directory /opt/splunk.

To install Splunk in a different directory:

rpm -i --prefix=/opt/new_directory/splunk splunk_package_name.rpm

To verify the RPM package signature, refer to our PGP public key.

Debian, DEB install

To install the Splunk DEB package:

dpkg -i splunk_package_name.deb

Note: You can only install the Splunk DEB package in the default location, /opt/splunk.

Tarball install

To install Splunk on a Linux system, expand the tarball into an appropriate directory. The default install directory is /opt/splunk.

Note: When installing with the tarball:

  • Splunk does not create the splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually.
  • Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

What gets installed

Splunk package status:

dpkg --status splunk

List all packages:

dpkg --list

Start Splunk

Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify. Refer to the instructions for running Splunk as a non-root user for more information.

To start Splunk from the command line interface, run the following command:

 $SPLUNK_HOME/bin/splunk start

Where:

  • $SPLUNK_HOME is the path to your Splunk installation.
  • $SPLUNK_HOME/bin/ is the location of the command line interface.

Startup options

The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

If this is an upgrade to 3.2 or later, you have the option of reviewing changes to be made to your configuration files during migration. Refer to the upgrade instructions for more details.

Launch Splunk Web and log in

After you start Splunk and accept the license agreement,

1. In a browser window, access Splunk Web at http://<hostname>:port.

  • hostname is the host machine.
  • port is the port you specified during the installation (the default port is 8000).

2. If you are running Splunk with a Free license, Splunk Web launches without prompting you for login information. If you are running Splunk with an Enterprise license, Splunk Web prompts you for login information (default, username admin and password changeme) before it launches.

Manage your license

If you are performing a new installation of Splunk or switching from one license type to another, you must update your license.

Uninstall Splunk

Use your local package management commands to uninstall Splunk. In most cases, files that were not originally installed by the package will be retained. These files include your configuration and index files which are under your installation directory.

If you can't use package management commands, follow the instructions for manually uninstalling Splunk components.

RedHat Linux

To uninstall from RedHat Linux

rpm -e splunk_product_name

Debian Linux

To uninstall from Debian Linux:

dpkg -r splunk

To purge (delete everything, even config files):

dpkg -P splunk

Previous: FreeBSD installation    |    Next: Mac OS installation

Comments

  1. For an upgrade (using -U) at least, the directory specified in --prefix=/opt/new_directory/splunk will actually install into /opt/new_directory/splunk/splunk . The prefix should be listed as the directory that the splunk directory is created in.
    Posted by kmp on Jun 24 2008, 4:02pm

  2. medina, thanks! made the correction across all the step-by-step installation pages.
    Posted by sophy on May 16 2008, 2:15pm

  3. Note that

    $SPLUNK_HOME start --accept-license

    should be

    $SPLUNK_HOME/bin/splunk start --accept-license
    Posted by medina on May 16 2008, 2:04pm

  4. In addition to installation for RPM should use "rpm -U" instead of "rpm -i" (and using "-vh" switches is also quite common), uninstallation should be "rpm -e" not "rpm --e".
    Posted by lpeterson on May 15 2008, 9:48am

  5. thanks, we have updated the doc to reflect this.
    Posted by rachel on Apr 24 2008, 11:22am

  6. only when upgrading an already installed splunk package
    Posted by m@ on Apr 24 2008, 9:16am

  7. the installation for rpm should be rpm -U rather than -i
    Posted by appliedsec on Apr 24 2008, 5:39am

Log in to comment.