• Read This First
  • System requirements
    • Host operating system
    • Client operating system / browser (for access to Splunk Web)
    • Hardware capacity requirements
    • Supported server hardware architectures
    • Supported file systems
    • Storage and performance notes
• Step by Step Installation
  • Step 1: Unpack the software
    • Tarball
    • RPM
    • deb
    • FreeBSD
    • Mac OS
    • Solaris
  • Step 2: Start Splunk
  • Step 3: Install or update your license
    • Via Splunk Web
    • Via the command line
  • Windows installation
    • Get started with the Splunk Windows port
• Install Splunk Toolbar
  • Install Splunk toolbar for Firefox
    • Install from download page
    • Install from Splunk server
    • Uninstall Splunk Toolbar
  • Install Splunk toolbar for Internet Explorer (beta)
    • Install from download page
    • Install from Internet Explorer
    • Uninstall Internet Explorer toolbar
• Advanced Installation Topics
  • Configure Splunk before startup
    • To start at boot time
    • To bind to an IP
  • Run Splunk as non-root user
    • Instructions
    • Solaris 10 privileges
  • Configure SELinux
  • License management
    • Access your license
    • Install via Splunk Web
    • Install via CLI
    • First login after applying new trial/Enterprise license
    • License violations
  • Uninstall Splunk manually
• Upgrade Instructions
  • Upgrade and migrate to 3.2
  • Upgrade Splunk on Windows
    • Start Splunk
  • Migration considerations
    • Scripts in /splunk/bin are not saved
    • Saved searches
    • Changes to indexes.conf
    • Must upgrade all instances of Splunk in a distributed environment
    • Instances of Splunk deployment server must match clients
• Help
  • Getting Help
    • Accessing help in Splunk Web
    • Accessing help in the command line (CLI)
    • How can I learn more about Splunk's advanced features?
    • I lost my Splunk.com password. What do I do?
    • How do I report problems?
    • How can I make suggestions?
    • I have some questions that aren't answered here. Where can I get help?
• Reference
  • File Manifest
  • PGP Public Key
    • Installing the key

Step 2: Start Splunk

Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify. Refer to the instructions for running Splunk as a non-root user for more information.

Start Splunk on non-Windows platforms

Splunk's command line interface is located in $SPLUNK_HOME/bin/. Navigate to this location and run the following command:

# ./splunk start

Use whatever path you installed under.

Start Splunk on Windows platforms

On Windows, Splunk is installed by default into \Program Files\Splunk

You can start and stop the following Splunk processes via the Windows Services Manager:

• Server daemon: splunkd
• Web interface: splunkweb

You can also start, stop, and restart both processes at once by going to \Program Files\Splunk\bin and typing
# splunk.exe [start|stop|restart]

Startup options

The first time you start Splunk after a new installation, you are presented with the license agreement and asked to accept the license. You can specify a number of different flags to affect

If you want to bypass these steps, you can start Splunk and accept the license in one step:

 $SPLUNK_HOME start --accept-license

Where $SPLUNK_HOME is where you installed Splunk.

Note: There are two dashes before the accept-license option.

Important: If this is an upgrade to 3.2 or later, you can preview the changes to be made to your configuration files during migration. Refer to the upgrade instructions for more details.

Launch Splunk Web and log in

Access Splunk Web at
http://mysplunkhost:8000
Replace mysplunkhost:8000 with the host and port you specified during the installation.
Use username "admin" and password "changeme" to login to your new Splunk installation for the first time.

Set up one or more data inputs

The first time you browse a new installation, you will see a Guided Setup tool that helps you set up data inputs, licenses, and other configuration options. Alternately, you can configure data inputs from the command line. Below is a typical example.

/opt/splunk/bin/splunk add tail /var/log

Your Splunk Server should show indexed data on its home page immediately after you add a data input. As soon as you see a number greater than "0 events" listed on the server's home page, you're ready to start Splunking!