Documentation: 3.4.1
Print Version Contents
This page last updated: 11/18/08 10:11am

Mac OS installation

This topic provides detailed instructions for installing Splunk on Mac OS.
Note: If you are upgrading, review the upgrade documentation later in this manual and check the migration documentation for any migration considerations before proceeding.

Important: Users of LDAP on Mac OSX Leopard should back up ldap.conf before upgrading via DMG to 3.4. If you are using LDAP authentication and are upgrading from any version of Splunk to version 3.4, the Leopard DMG manager will delete your existing ldap.conf and replace it with the newer ldap.conf.default. If you've made changes to ldap.conf, make a backup copy of this file before upgrading to 3.4 and then reinstate it after you have upgraded.

Install Splunk

The Mac OS build comes in two forms: a DMG package and a tarball. Below are instructions for the:

  • Graphical (basic) and command line installs using the DMG file.
  • Tarball install.

Graphical install

1. Double-click on the DMG file.
A Finder window containing splunk.pkg opens.

2. In the FInder window, double-click on splunk.pkg.
The Splunk installer opens and displays the Introduction, which lists version and copyright information.

3. Click Continue.
The Select a Destination window opens.

4. Choose a location to install Splunk.

  • To install in the default directory, /Applications/splunk, click on the harddrive icon.
  • To select a different location, click Choose Folder...

5. Click Continue.
The pre-installation summary displays. If you need to make changes,

  • Click Change Install Location to choose a new folder, or
  • Click Back to go back a step.

6. Click Install.
Your installation will begin. It may take a few minutes.

7. When your install completes, click Finish.

Command line install

1. To mount the dmg:

hdid splunk_package_name.dmg

2. To Install

  • To the root volume:
installer -pkg splunk.pkg -target /
  • To a different disk of partition:
installer -pkg splunk.pkg -target /Volumes\ Disk

-target specifies a target volume, such as another disk, where Splunk will be installed in /Applications/splunk.

To install into a directory other than /Applications/splunk on any volume, use the graphical installer as described above.

Tarball install

To install Splunk on a Mac OS, expand the tarball into an appropriate directory. The default install directory is /Applications/splunk.

Note: When installing with the tarball:

  • Splunk does not create the splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually.
  • Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

Start Splunk

Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify. Refer to the instructions for running Splunk as a non-root user for more information.

To start Splunk from the command line interface, run the following command:

 $SPLUNK_HOME/bin/splunk start

Note: By convention, this document uses:

  • $SPLUNK_HOME to identify the path to your Splunk installation.
  • $SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Startup options

The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

For more information, refer to Splunk startup options

If this is an upgrade to 3.2 or later, you have the option of reviewing changes to be made to your configuration files during migration. Refer to the upgrade instructions for more details.

Launch Splunk Web and log in

After you start Splunk and accept the license agreement,

1. In a browser window, access Splunk Web at http://<hostname>:port.

  • hostname is the host machine.
  • port is the port you specified during the installation (the default port is 8000).

2. Login to Splunk with username admin and password changeme.

Manage your license

If you are performing a new installation of Splunk or switching from one license type to another, you must update your license.

Uninstall Splunk

Use your local package management commands to uninstall Splunk. In most cases, files that were not originally installed by the package will be retained. These files include your configuration and index files which are under your installation directory.

If you can't use package management commands, follow the instructions for manually uninstalling Splunk components.

Previous: Linux installation    |    Next: Solaris installation

Comments

  1. accesstjr: it is noted in the topic that $SPLUNK_HOME is a convention we use to refer to the install path of the software; this path may not always be the default location. you may want to set a SPLUNK_HOME environmental variable:

    http://www.splunk.com/doc/latest/admin/AdminBasics

    thanks for leaving a comment!
    Posted by sophy on Aug 25 2008, 9:19am

  2. Just a note on the above for less technical users (like me). You need to start Splunk by entering the command in the terminal window (its in the utilities folder) but it didnt work for me by cutting and pasting '$SPLUNK_HOME/bin/splunk start' I had to replace the ' $SPLUNK_HOME' with 'applications'.. ie:

    '/applications/splunk/bin/splunk start'

    that may be obvious to advanced users.. but not to me :)
    Posted by accesstjr on Aug 24 2008, 3:14pm

Log in to comment.