This document last updated: 01/06/09 04:01pm

Print Installation Manual

Read This First

System requirements

Before you download and install the Splunk software, read the following sections for the supported system requirements. If you have ideas or requests for new features to add to future releases, email Splunk Support. Also, you can follow our Product Roadmap.

Check the release notes for details on known and resolved issues, and refer to the download page for the latest version to download.

Caution: Splunk does not provide a direct upgrade path to version 3.2.x from versions earlier than 3.0. You cannot upgrade directly from 2.x to 3.2. If you are upgrading from an earlier version of Splunk, refer to the upgrade and migration instructions for upgrading to 3.0 and upgrade to 3.0 or 3.1 before proceeding.

Host operating system

Linux 2.6+ kernel Linux distributions (x86 and x86_64) and major 2.4+ kernel Linux distributions with NPTL (x86)
Solaris 8, 9 & 10 / Sparc
Solaris 9 & 10 / x86
Mac OS X 10.4+ / x86 and PPC
FreeBSD 6.1 (6.2 for 64-bit versions) or later
AIX 5.2 and 5.3
- AIX 5.4 has not yet been tested by Splunk. If you want to give it a try, please install it on a test server and send us feedback.
Windows 2000 Server (32-bit)
Windows XP Professional (32-bit)
Windows 2003 Server (32-bit)

Note: Splunk is certified to to run on English versions of Windows only. Non-English operating systems are not supported.
Note: Windows registry monitoring is not supported on Windows 2000 due to an issue with a Windows 2000 DLL.

Client operating system / browser (for access to Splunk Web)

AIX, BSD and Linux: Firefox 1.5 or 2.0; Adobe Flash 9 or higher
Mac OS X: Firefox 1.5 or 2.0; Adobe Flash 9 or higher
Windows: Internet Explorer 6 or 7 or Firefox 1.5 or 2.0; Adobe Flash 9 or higher

You can verify your installed version of Flash here

Hardware capacity requirements

Splunk is a high-performance application. If you are performing a comprehensive evaluation of Splunk for production deployment, we recommend that you use hardware typical of your production environment; this hardware should meet or exceed the recommended hardware capacity specifications below.

Important: For all installations, a minimum of 2GB hard disk space is required, including forwarders.
Note: Running Splunk in virtual machine (VM) mode on any platform will degrade performance.

Recommended hardware capacity

Non-Windows platforms:
2x3.4 GHz CPU, 4 GB RAM
Windows platforms:
Multi-core Xeon or equivalent at 3Ghz, 4GB RAM

Minimum supported hardware capacity

Use the minimum supported hardware guidelines for personal use of Splunk. We recommend you use the Splunk desktop application/configuration when using Splunk on desktops or laptops.
Important: These are the minimum requirements for Splunk and apply to all configurations, including indexer and lightweight forwarder instances.

Non-Windows platforms:
1x1.4 GHz CPU, 1 GB RAM
Windows platforms:
Pentium 4 or equivalent at 2Ghz, 2GB RAM

Supported server hardware architectures

32 and 64-bit architectures are supported for some platforms. Splunk is supported on 32-bit Windows platforms only. See the download page page for details.

Supported file systems

Linux - ext2/3, reiser3, XFS
Solaris - UFS, ZFS, VXFS
FreeBSD - FFS, UFS
Mac - HFS
AIX - JFS, JFS2, NFS 3/4
Windows - NTFS, FAT32

Note: Most other file systems are supported. If you run Splunk on a filesystem that is not listed above, Splunk may run a startup utility named locktest. Locktest is a program that tests the start up process. If locktest runs and fails, the filesystem is not suitable for running Splunk.

Note: On FreeBSD, mounting as nullfs is not supported.

Storage and performance notes

For some tools for estimating your index size, refer to this topic on the Splunk Wiki.
For more information on ways to reduce your index density, click here

Step by Step Installation

Before you install

Before installing Splunk on your system:

Read the system requirements.
Check the release notes for details on known and resolved issues.
Refer to the download page for the latest version to download.
If you are upgrading, review the upgrade documentation later in this manual and check the migration documentation for any migation considerations before proceeding.

Some platform-specific installers come in both a package form and a tarball. Follow the instructions for your specific package or tarball.

Installing as root

Splunk must run as root or as a member of the splunk group. When installing from any type of package manager that isn't a tarball, you must install as root. When you install Splunk with root privileges, it creates the user splunk and group splunk (if they do not already exist). If you do not install Splunk with root privileges, it won't attempt to create users or groups.

Splunk can run as any user on the local system. However, the user Splunk runs as must have access rights to read all the data inputs you define. Keep in mind that some files and directories may be in privileged locations and therefore will not be indexed if you don't have the correct ownership settings.

Running Splunk on Windows

To install Splunk, you must have local administrator privileges in order to bind the ports required for splunkd to splunkweb communication. During the install process, you will have the option to select which account splunkd and splunkweb will run as consistently.

Splunk strongly recommends that you run Splunk as the local system account if you do not need to collect data from other machines

If you would like to collect data from additional machines remotely - for example, WMI polling of event logs, or collection IIS logs through a file share - you must install Splunk using a domain service account that you create. This account needs administrator-like permissions on the local box, and sufficient privileges on the target machines to collect your desired data. For more information on WMI polling permission setting, please refer to the WMI documentation.

You can run Splunk as another account besides local system or the local administrator. However, you must grant the following rights to the service account:

Full control over Splunk's installation directory
Read access to any flat-file directory (to read whatever files you are configuring it to monitor).
Permission to log on as a service
Permission to log on as a batch job.
Replace a process-level token.
Permission to act as part of the operating system.
Permission to bypass traverse checking.

You must allow this account additional, specific permissions if you want to collect the registry or event logs.

Splunk Web's service does not require as many permissions as splunkd to function, and can be safely reduced to:

Full control over Splunk's install directory
Log on as a service

Note: It is possible to change the account under which both splunkd and splunkweb run using the change user CLI command.

Disabling update checker

Splunk Web is configured to check for new versions of itself. If you are running Splunk on a LAN that is not connected to the rest of the Web, you will want to disable this feature.

What ports Splunk uses

Splunk uses two network ports by default; ports 8000 (Splunk Web) and 8089 (management port) are opened initially. You can also enable SSL for Splunk Web after you install.

What gets installed

For a complete list of files that Splunk installs, refer to the file manifest for your platform, located in $SPLUNK_HOME, at the same level as the /etc directory.

Advanced installation topics

Before you start Splunk for the first time, review the topics under Advanced Installation. The topics include configuring Splunk to start at boot time, bind to an IP, and run as a non-root user.

AIX installation

This topic will guide you through installing Splunk on the AIX platform.
Note: If you are upgrading, review the upgrade documentation later in this manual and check the migration documentation for any migation considerations before proceeding.

Install Splunk

The AIX install comes in tarball form only. We plan to provide a native install package in a later release.

Note: When installing with the tarball:

Splunk does not create the splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually.
Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

To install Splunk on an AIX system, expand the tarball into an appropriate directory. The default install directory is /opt/splunk.

For AIX 5.3, check to make sure your service packs are up to date. Splunk requires the following service level:

$ oslevel -r
5300-005

Start Splunk

Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify. Refer to the instructions for running Splunk as a non-root user for more information.

To start Splunk from the command line interface, run the following command:

 $SPLUNK_HOME/bin/splunk start

Note: By convention, this document uses:

$SPLUNK_HOME to identify the path to your Splunk installation.
$SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Startup options

The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

For more information, refer to Splunk startup options

If this is an upgrade to 3.2 or later, you have the option of reviewing changes to be made to your configuration files during migration. Refer to the upgrade instructions for more details.

Launch Splunk Web and log in

After you start Splunk and accept the license agreement,

1. In a browser window, access Splunk Web at http://<hostname>:port.

hostname is the host machine.
port is the port you specified during the installation (the default port is 8000).

2. If you are running Splunk with a Free license, Splunk Web launches without prompting you for login information. If you are running Splunk with an Enterprise license, Splunk Web prompts you for login information (default, username admin and password changeme) before it launches.

Manage your license

If you are performing a new installation of Splunk or switching from one license type to another, you must update your license.

Uninstall Splunk

Use your local package management commands to uninstall Splunk. In most cases, files that were not originally installed by the package will be retained. These files include your configuration and index files which are under your installation directory.

If you can't use package management commands, follow the instructions for manually uninstalling Splunk components.

FreeBSD installation

This topic will guide you through installing Splunk on the FreeBSD platform.
Note: If you are upgrading, review the upgrade documentation later in this manual and check the migration documentation for any migation considerations before proceeding.

Install Splunk

The FreeBSD builds comes in two forms: an installer (5.4-intel) and a tarball (i386). Both are TGZ files.

Basic install

To install FreeBSD using the intel installer:

pkg_add splunk_package_name-5.4-intel.tgz

This installs Splunk in the default directory, /opt/splunk/

To install Splunk in a different directory:

pkg_add -v -p /usr/splunk splunk_package_name-5.4-intel.tgz

Tarball install

To install Splunk on a FreeBSD system, expand the tarball into an appropriate directory. The default install directory is /opt/splunk.

Note: When installing with the tarball:

Splunk does not create the splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually.
Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

After you install

To ensure that Splunk functions properly on FreeBSD, you must:

1. Add the following to /boot/loader.conf

kern.maxdsiz="2147483648" # 2GB
kern.dfldsiz="2147483648" # 2GB
machdep.hlt_cpus=0

2. Add the following to /etc/sysctl.conf:

vm.max_proc_mmap=2147483647

A restart of the OS is required for the changes to effect.

What gets installed

To see the list of Splunk packages:

pkg_info -L splunk

To list all packages:

pkg_info

Start Splunk

To start Splunk from the command line interface, run the following command:

 $SPLUNK_HOME/bin/splunk start

Note: By convention, this document uses:

$SPLUNK_HOME to identify the path to your Splunk installation.
$SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Startup options

The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

For more information, refer to Splunk startup options

If this is an upgrade to 3.2 or later, you have the option of reviewing changes to be made to your configuration files during migration. Refer to the upgrade instructions for more details.

Launch Splunk Web and log in

After you start Splunk and accept the license agreement,

1. In a browser window, access Splunk Web at http://<hostname>:port.

hostname is the host machine.
port is the port you specified during the installation (the default port is 8000).

Manage your license

If you are performing a new installation of Splunk or switching from one license type to another, you must update your license.

Uninstall Splunk

To uninstall Splunk from the default location:

pkg_delete splunk

To uninstall Splunk from a different location:

pkg_delete -p /usr/splunk splunk

Linux installation

This topic will guide you through installing or upgrading Splunk on the Linux platform.
Note: If you are upgrading, review the upgrade documentation later in this manual and check the migration documentation for any migation considerations before proceeding.

Install Splunk

The Linux build comes in three forms: RPM, DEB, and tarball.

RedHat, RPM install

To upgrade an existing Splunk installation using the RPM:

rpm -U splunk_package_name.rpm

To install the Splunk RPM from scratch, in the default directory /opt/splunk:

rpm -i splunk_package_name.rpm

To install Splunk in a different directory, use the --prefix flag:

rpm -i --prefix=/opt/new_directory splunk_package_name.rpm

If you want to automate your RPM install with kickstart, add the following to your kickstart file:

./splunk start --accept-license
./splunk enable boot-start

Note: The second line is optional for the kickstart file. Read more about Configuring Splunk to start at boot time.

To verify the RPM package signature, refer to our PGP public key.

Debian, DEB install

To install the Splunk DEB package:

dpkg -i splunk_package_name.deb

Note: You can only install the Splunk DEB package in the default location, /opt/splunk.

Important: There is an issue with the Splunk 3.3 Debian package resulting in errors when you try to start Splunk. To work around this issue, once you've run the installer, edit /var/lib/dpkg/info/splunk.postinst and modify line 13 by adding a / before opt (SPLUNK_HOME="/opt/$PRODUCT". Then run the script: sh /var/lib/dpkg/info/splunk.postinst . This completes the installation and you can then start Splunk.
This issue was resolved in Splunk 3.3.1.

Tarball install

To install Splunk on a Linux system, expand the tarball into an appropriate directory. The default install directory is /opt/splunk.

Note: When installing with the tarball:

Splunk does not create the splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually.
Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

What gets installed

Splunk package status:

dpkg --status splunk

List all packages:

dpkg --list

Start Splunk

To start Splunk from the command line interface, run the following command:

 $SPLUNK_HOME/bin/splunk start

Note: By convention, this document uses:

$SPLUNK_HOME to identify the path to your Splunk installation.
$SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Startup options

The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

For more information, refer to Splunk startup options

If this is an upgrade to 3.2 or later, you have the option of reviewing changes to be made to your configuration files during migration. Refer to the upgrade instructions for more details.

Launch Splunk Web and log in

After you start Splunk and accept the license agreement,

1. In a browser window, access Splunk Web at http://<hostname>:port.

hostname is the host machine.
port is the port you specified during the installation (the default port is 8000).

Manage your license

If you are performing a new installation of Splunk or switching from one license type to another, you must update your license.

Uninstall Splunk

If you can't use package management commands, follow the instructions for manually uninstalling Splunk components.

RedHat Linux

To uninstall from RedHat Linux

rpm -e splunk_product_name

Debian Linux

To uninstall from Debian Linux:

dpkg -r splunk

To purge (delete everything, including configuration files):

dpkg -P splunk

Mac OS installation

This topic provides detailed instructions for installing Splunk on Mac OS.
Note: If you are upgrading, review the upgrade documentation later in this manual and check the migration documentation for any migration considerations before proceeding.

Important: Users of LDAP on Mac OSX Leopard should back up ldap.conf before upgrading via DMG to 3.4. If you are using LDAP authentication and are upgrading from any version of Splunk to version 3.4, the Leopard DMG manager will delete your existing ldap.conf and replace it with the newer ldap.conf.default. If you've made changes to ldap.conf, make a backup copy of this file before upgrading to 3.4 and then reinstate it after you have upgraded.

Install Splunk

The Mac OS build comes in two forms: a DMG package and a tarball. Below are instructions for the:

Graphical (basic) and command line installs using the DMG file.
Tarball install.

Graphical install

1. Double-click on the DMG file.
A Finder window containing splunk.pkg opens.

2. In the FInder window, double-click on splunk.pkg.
The Splunk installer opens and displays the Introduction, which lists version and copyright information.

3. Click Continue.
The Select a Destination window opens.

4. Choose a location to install Splunk.

To install in the default directory, /Applications/splunk, click on the harddrive icon.
To select a different location, click Choose Folder...

5. Click Continue.
The pre-installation summary displays. If you need to make changes,

Click Change Install Location to choose a new folder, or
Click Back to go back a step.

6. Click Install.
Your installation will begin. It may take a few minutes.

7. When your install completes, click Finish.

Command line install

1. To mount the dmg:

hdid splunk_package_name.dmg

2. To Install

To the root volume:

installer -pkg splunk.pkg -target /

To a different disk of partition:

installer -pkg splunk.pkg -target /Volumes\ Disk

-target specifies a target volume, such as another disk, where Splunk will be installed in /Applications/splunk.

To install into a directory other than /Applications/splunk on any volume, use the graphical installer as described above.

Tarball install

To install Splunk on a Mac OS, expand the tarball into an appropriate directory. The default install directory is /Applications/splunk.

Note: When installing with the tarball:

Splunk does not create the splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually.
Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

Start Splunk

To start Splunk from the command line interface, run the following command:

 $SPLUNK_HOME/bin/splunk start

Note: By convention, this document uses:

$SPLUNK_HOME to identify the path to your Splunk installation.
$SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Startup options

The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

For more information, refer to Splunk startup options

If this is an upgrade to 3.2 or later, you have the option of reviewing changes to be made to your configuration files during migration. Refer to the upgrade instructions for more details.

Launch Splunk Web and log in

After you start Splunk and accept the license agreement,

1. In a browser window, access Splunk Web at http://<hostname>:port.

hostname is the host machine.
port is the port you specified during the installation (the default port is 8000).

2. Login to Splunk with username admin and password changeme.

Manage your license

If you are performing a new installation of Splunk or switching from one license type to another, you must update your license.

Uninstall Splunk

If you can't use package management commands, follow the instructions for manually uninstalling Splunk components.

Solaris installation

This topic provides instructions for installing Splunk on Solaris systems.
Note: If you are upgrading, review the upgrade documentation later in this manual and check the migration documentation for any migation considerations before proceeding.

Install Splunk

The Solaris build comes in two forms: a PKG file and a tarball.

Native install

The PKG installation package includes a request file that prompts you to answer a few questions before Splunk installs.

1. To install Splunk using a PKG file:

pkgadd -d ./splunk_product_name.pkg

A list of the available packages displays.

2. Select the packages you wish to process (the default is "all").

3. Next, the installer prompts you to specify a base installation directory.
To install into the default directory, /opt/splunk, leave this blank.

Native upgrade

To upgrade an existing Splunk installation using a PKG file, use the same exact command line as you would for a fresh install.

pkgadd -d  ./splunk_product_name.pkg

You will be prompted to overwrite any changed files, answer yes to every one.
To run the upgrade silently (and not have to answer yes for every file overwrite), type:

pkgadd -n -d  ./splunk_product_name.pkg

Tarball install

To install Splunk on a Solaris system, expand the tarball into an appropriate directory. By default, Splunk installs into /opt/splunk/.

Note: When installing with the tarball:

Splunk does not create the splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually.
Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

What gets installed

Splunk package info:

pkginfo -l splunk

List all packages:

pkginfo

Start Splunk

Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify. For more information, refer to the instructions on running Splunk as a non-root user.

Note: If you are installing on Solaris 10, refer to this page for additional information about configuring user privileges.

To start Splunk from the command line interface, run the following command:

 $SPLUNK_HOME/bin/splunk start

Note: By convention, this document uses:

$SPLUNK_HOME to identify the path to your Splunk installation.
$SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Startup options

The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

For more information, refer to Splunk startup options

If this is an upgrade to 3.2 or later, you have the option of reviewing changes to be made to your configuration files during migration. Refer to the upgrade instructions for more details.

Launch Splunk Web and log in

After you start Splunk and accept the license agreement,

1. In a browser window, access Splunk Web at http://mysplunkhost:port, where:

mysplunkhost is the host machine.
port is the port you specified during the installation (8000).

Manage your license

If you are performing a new installation of Splunk or switching from one license type to another, you must update your license.

Uninstall Splunk

Use your local package management commands to uninstall Splunk. In most cases, files that were not originally installed by the package are retained. These files include your configuration and index files which are under your installation directory.

pkgrm splunk

If you can't use package management commands, follow the instructions for manually uninstalling Splunk components.

Windows installation

This topic provides detailed instructions for installing Splunk on Windows.
If you are upgrading Splunk for Windows, refer to the upgrade instructions.

Install Splunk

The Windows installer is an MSI file.

Important: Currently, you can only install the Splunk Windows version as an existing user. This user must be a member of local administrator group. The 'Create user' option does not work correctly. This will be resolved in a near-term maintenance release.

1. To start the installer, double-click the splunk.msi file.
The Welcome panel is displayed.

2. To begin the installation, click Next.

Note: On each panel, you can click Next to continue, Back to go back a step, or Cancel to close the installer.

The licensing panel is displayed.

3. Read the licensing agreement and select "I accept the terms in the license agreement". Click Next to continue installing.
The Customer Information panel is displayed.

4. Enter the requested details and click Next.
The Destination Folder panel is displayed.

Note: Splunk is installed by default into the \Program Files\Splunk.

5. Click Change... to specify a different location to install Splunk, or click Next to accept the default value.
The Logon Information panel is displayed.

Splunk installs and runs two Windows services, splunkd and splunkweb. These services will be installed and run as the user you specify on this panel. You can choose to run Splunk as the local system user, or as a user with additional credentials.
The user Splunk runs as must have permissions to:

Run as a service
Read whatever files you are configuring it to monitor
Write to Splunk's directory

Note: If you install as the local system user, some network resources may not be available to the Splunk application. Contact your systems administrator for advice if you are unsure what user to specify.

6. Select a user type and click Next.
If you specified the local system user, proceed to step 8. Otherwise, the Logon Information: specify a username and password panel is displayed.

7. Specify a username and password to install and run Splunk and click Next.

To create a new user for Splunk to use, click New User Information... and specify details.
To use an existing user, enter or browse for the username and domain details.

The pre-installation summary panel is displayed.

8. Click Install to proceed.
The installer runs and displays the Installation Complete panel.

9. Check the boxes to run Splunk and Splunk Web now. Select which Windows event logs you would like Splunk to index right away. Click FInish.

Start Splunk

On Windows, Splunk is installed by default into \Program Files\Splunk

You can start and stop the following Splunk processes via the Windows Services Manager:

Server daemon: splunkd
Web interface: splunkweb

You can also start, stop, and restart both processes at once by going to \Program Files\Splunk\bin and typing

#  splunk.exe [start|stop|restart]

Note: If you chose not to index one or more of the Windows event logs by unchecking the box(es) at the end of the installation process, and want to begin indexing later, edit $SPLUNK_HOME/etc/bundles/local/inputs.conf as described in Configure inputs via inputs.conf.

Important: You must use two backslashes \\ to escape wildcards in stanza names in inputs.conf.

Install or upgrade license

If you are performing a new installation of Splunk or switching from one license type to another, you must update your license.

Uninstall Splunk

To uninstall Splunk, use the Add or Remove Programs option in the Control Panel.

License management

All Splunk servers require a license; Splunk provides two types of licenses, a Free license and an Enterprise license. Splunk ships with a Free license.

The first time you download Splunk, you are asked to register. Your registration authorizes you to receive the Free license, which allows a maximum indexing volume of 500 MB/day. The Free license is not a trial license and does not expire.

The Enterprise license enables higher data indexing volume and the following additional features:

Multiple user accounts and access controls.
Distributed search and data routing.
Deployment management.

To evaluate Enterprise features before purchasing, you can request a 30-day trial Enterprise license.

Important: You cannot use the same Enterprise license on multiple servers. Each instance of Splunk (including forwarders) must have its own unique license, whether a Free license or an Enterprise license. The only exception to this is the 1 MB/day forward-only license that can be installed on multiple forwarding instances. For more information, read About Splunk licenses.

Access your license

All Splunk servers have a license located in $SPLUNK_HOME/etc/, whether it is a Free license (splunk-free.license) or an Enterprise license (splunk.license).

Example of a Splunk license

user@company.com;EQ/GQXW/J7u9VLJShPsW4m8yi+5a+geRrof4Bep70j32xsBpq
JItM5pdntRfl4auply366BAjTMnfTB6JyzJOZLplyBQijk02fQjgKjakl0ol4N5G6Wr
09ufnSe3iOXVAay24hzFfgDkaijOnkoGOPJqnHaVzaWC9dxIuKUvDPt3UcKTkDv0Gka
Q4EZxAvZKAFImvOF4PmDoNaMiBgLLkWibGhezFTTDh10PLl9kyeVThGzAyN23J512pVM
3xqNIg3pFcd2aJf31xspt1HRdSwofkfnuCVpzildy3qMbae4g85KpCfND+aJ6z2LoUu3
RQ4OV4SpxMXEZ4PgSGZ6dwA==

Where is your new license?

When you request a new license, you should receive the license in an email from Splunk. You can also access that new license in your splunk.com My Orders page. To install a new license (or change and update your existing license), replace your existing license with the new license.

You can install and update your licenses from Splunk Web's Admin > License & Usage page or with the CLI.

Note: These instructions are for Splunk 3.0 and later, for earlier versions, see 2.2.3 instructions.

Install via Splunk Web

To install or update your license using Splunk Web:

1. Start Splunk and open Splunk Web in a supported browser.

2. On the upper righthand corner of any of the dashboards, click Admin.

3. Click License & Usage.
The Admin > License & Usage page displays your license level, peak usage and license violations.

4. Click Change License.
The License & Usage: Change License page opens and displays your existing license key or splunk.license file.

5. Copy your new license key and paste (overwrite) the existing license.

6. Click Save.

7. Restart your Splunk server to apply your new license.
Note: You can restart your server from Splunk Web. On the Admin > Server: Control Server page, click Restart Now.

Install via CLI

To install or update your license using the CLI:

1. Create a new file named splunk.license.

2. Copy your new license key and paste it into splunk.license.

3. Move your license file, splunk.license, into the $SPLUNK_HOME/etc/ directory:

mv splunk.license $SPLUNK_HOME/etc/

Note: If a splunk.license file already exists in this directory, mv will overwrite it without prompting for confirmation of the action. This does not overwrite the Free license, splunk-free.license. However, by default Splunk ignore the Free license file if splunk.license exists.

4. Restart your Splunk server to apply your new license:

$SPLUNK_HOME/bin/splunk restart

First login after applying new trial/Enterprise license

To log in for the first time after applying an Enterprise license (converting from free), use the default username "admin" with the password "changeme". If you later clean (reset) your user data, your username/password is reset to this default.

License violations

Violations occur when you exceed the maximum indexing volume allowed for your license. If you exceed your licensed daily volume on any one calendar day, you will get a violation warning. The message persists for 14 days. If you have more than 7 violations in a rolling 30-day period, search will be disabled. Search capabilities return when you have less than 7 violations in the previous 30 days or when you apply a new license with a larger volume limit.

Note: During a license violation period, Splunk does not stop indexing your data. Splunk only blocks access while you exceed your license.

If you have other issues with your license, refer to the Admin Manual for troubleshooting tips.

Install Splunk Enterprise Manager

Get stats on your Splunk!
Splunk Enterprise Manager provides visibility into the connectivity of Splunk forwarders to one or more indexers, the availability of Splunk forwarders and indexers, the data volumes passed by forwarders and the data volumes consumed by indexers. You can get it by going to:
http://www.splunkbase.com/apps/All/Operations/Server_Management/app:Splunk+Enterprise+Manager.

Install from the Splunk Admin-->Applications page in Splunk Web following the instructions in "Installing Splunk Applications" in the Admin Guide.

By default, the dashboard that Enterprise Manager adds to Splunk is only viewable by the "admin" user, but you can change this in prefs.conf using the information in "Configure application directories" in the Admin Guide.

Install Splunk Toolbar

Install Splunk toolbar for Firefox

Splunk toolbar for Firefox is available from the following locations:

Splunk.com toolbar download page
In the following Splunk server directory: $SPLUNK_HOME/share/splunk/extras/splunkbar/

Install from download page

1. On the toolbar download page, click the link for the Firefox toolbar.
You'll see a warning message, stating that Firefox prevented this site from asking you to install software. This is expected behavior.

2. Click Edit Options....

3. In the Allowed Sites dialog, click Allow.

www.splunk.com is listed as a trusted site.

4. Close the dialog box.
Firefox asks you whether you want to install the toolbar.

5. Click Install Now.

If the following dialog box is not displayed, refresh the browser page.

6. Click Restart Firefox to complete installation.
The toolbar is installed and visible below Firefox's address bar, and also in the Firefox Tools > Add-ons menu.

Install from Splunk server

1. In Firefox, click File > Open File....

2. Point the Open File dialog box to: $SPLUNK_HOME/share/splunk/extras/splunkbar/splunktoolbar.xpi .
Firefox asks you whether you want to install the toolbar.

3. Click Install Now.

4. Restart Firefox.
The toolbar is installed and visible below Firefox's address bar, and also in the Firefox Tools > Add-ons menu.

Uninstall Splunk Toolbar

1. Start Firefox.

2. In Firefox, click Tools > Add-ons.
The Splunk Toolbar is one of the items listed.

3. Select it and click Uninstall.

4. Follow the prompts and restart Firefox.

The toolbar is removed from Firefox. You can verify by checking Tools > Add-ons.

Install Splunk toolbar for Internet Explorer (beta)

Note: This software is currently in beta. If you encounter any problems running the software or have any comments on its functionality, contact our support team.

The Splunk toolbar is available from the following locations:

Splunk.com toolbar download page.
In the following Splunk directory: $SPLUNK_HOME/share/splunk/extras/splunkbar/ .

Install from download page

1. On the toolbar download page, click the link for the Internet Explorer toolbar.
If you are using Internet Explorer, you might see a warning message stating that Internet Explorer blocked this site from downloading files. This is expected behavior.

2. Click on the information bar at the top of the page

3. In the drop-down menu, click Download File....

4. Internet Explorer asks you whether you want to save or open the file. Click Run.

5. On the Security warning window, Click Run

6. You may see a warning that you need to install the .NET Framework. Click Yes to continue the .NET installation.
You can also visit the Microsoft .NET site to complete the installation. If you don't see this message, continue to the next step.

7. After installing the .Net framework return to Step 1 and run the toolbar installer again. You shouldn't see the warning message anymore.

8. The toolbar installation wizard is launched. Follow the instructions of the wizard:

The Splunk toolbar is now visible below Internet Explorer's address bar, and also in the View > Toolbars menu

Install from Internet Explorer

1. From Internet Explorer, select File > Open File....

2. Point the Open File dialog box to: $SPLUNK_HOME/share/splunk/extras/splunkbar/SplunkIEToolbarSetup.msi .

3. Internet Explorer asks you whether you want to download the file. Follow the instructions above to install the toolbar.
The Splunk Toolbar is now visible below Internet Explorer's address bar, and also in the View > Toolbars menu.

Uninstall Internet Explorer toolbar

1. From the Start menu, choose Control Panel > Add or Remove programs.

2. From the list of currently installed programs, select Splunk toolbar for Internet Explorer.

3. Follow the prompts.
The toolbar is removed from Internet Explorer. You can verify by checking Internet Explorer's View > Toolbars menu.

Advanced Installation Topics

Configure Splunk before startup

This topic discusses optional configurations you may want to include in your Splunk work environment.

Note: (If you have administrator or root privileges) To save a lot of typing, add the top level directory of your Splunk installation to your shell path. The $SPLUNK_HOME variable refers to the top level directory. Set a SPLUNK_HOME environment variable and add $SPLUNK_HOME/bin to your shell's path. The example below works for bash users who accepted the default installation location. Use the correct syntax and path for your own installation.

# export SPLUNK_HOME=/opt/splunk
# export PATH=$SPLUNK_HOME/bin:$PATH

The full path to the Splunk executable is provided in these instructions regardless.

To start at boot time

Splunk provides a utility that updates your system boot configuration so that Splunk starts when the system boots up. This utility creates a suitable init script (or makes a similar configuration change, depending on your OS).

As root, run:

$SPLUNK_HOME/bin/splunk enable boot-start

If you don't start Splunk as root, you can pass in the -user parameter to specify which user to start Splunk as. For example, if Splunk runs as the user bob, then as root you would run:

$SPLUNK_HOME/bin/splunk enable boot-start -user bob

If you want to stop Splunk from running at system startup time, run:

$SPLUNK_HOME/bin/splunk disable boot-start

More information is available in $SPLUNK_HOME/etc/init.d/README and if you type help boot-start from the command line.

To bind to an IP

In Splunk 2.1 and all later versions, you can force Splunk to bind its ports to a specified IP address. To make this a temporary change, set the environment variable SPLUNK_BINDIP=<ipaddress> before starting Splunk.

If you want this to be a permanent change in your working environment, modify $SPLUNK_HOME/etc/splunk-launch.conf to include the SPLUNK_BINDIP attribute and <ipaddress> value. For example, to bind Splunk ports to 127.0.0.1, splunk-launch.conf should read:

# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory this configuration
# file was found in
#
# SPLUNK_HOME=/opt/splunk

SPLUNK_BINDIP=127.0.0.1

This will affect the binding address of all ports opened by splunk and splunkweb, including the http server, and network inputs.

Note: You can also use splunk-launch.conf to define $SPLUNK_HOME and $SPLUNK_DB.

Run Splunk as non-root user

Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure Splunk has the appropriate permissions to:

Read the files and directories it is configured to watch. Some log files and directories may require root or superuser access to be indexed.
Write to Splunk's directory and execute any scripts configured to work with your alerts or scripted input.
Bind to the network ports it is listening on (ports below 1024 are reserved ports that only root can bind to).

Note: Splunk will not accept syslog data over port 514 (the default listening port for UDP). This does not mean that Splunk cannot listen on UDP 514; you can add UDP 514 as a data input.

Instructions

To run Splunk as a non-root user, you need to first install Splunk as root. Then, before you start Splunk for the first time, change the ownership of the splunk directory to the desired user. The following are instructions to install Splunk and run it as a non-root user, splunk.

1. Create the user and group, splunk.
For Linux, Solaris, and FreeBSD:

useradd splunk
groupadd splunk

For Mac OS:
You can use the System Preferences > Accounts panel to add users and groups.

2. As root and using one of the packages (not a tarball), run the installation.
Important: Do not start Splunk yet.

3. Use the chown command to change the ownership of the splunk directory and everything under it to the desired user.

chown -R splunk $SPLUNK_HOME/

Note: $SPLUNK_HOME refers to installation directory of Splunk.

4. Start Splunk.

$SPLUNK_HOME/bin/splunk start

Also, if you want to start Splunk as the splunk user while you are logged in as a different user, you can use the sudo command:

sudo -H -u splunk $SPLUNK_HOME/bin/splunk start

This example command assumes:

If Splunk is installed in an alternate location, update the path in the command accordingly.
Your system may not have sudo installed. If this is the case, you can use su.
If you are installing using a tarball and want Splunk to run as a particular user (such as splunk), you must create that user manually.
The splunk user will need access tp /dev/urandom to generate the certs for the product.

Solaris 10 privileges

When installing on Solaris 10 as the splunk user, you must set additional privileges to start splunkd and bind to reserved ports.

To start splunkd as the splunk user on Solaris 10, run:

# usermod -K defaultpriv=basic,net_privaddr,proc_exec,proc_fork splunk

To allow the splunk user to bind to reserved ports on Solaris 10, run (as root):

# usermod -K defaultpriv=basic,net_privaddr splunk

Configure SELinux

If you have SELinux active on your system, you must add Splunk to the list of authenticated applications that can run in your SELinux environment.

To configure SELinux to allow Splunk to run, you need to run the chcon command on the Splunk lib directory, where $SPLUNK_HOME is the path to your Splunk installation:

chcon -c -v -R -u system_u -r object_r -t lib_t $SPLUNK_HOME/lib 2>&1 > /dev/null

After you configure SELinux to allow Splunk to run, you can disable the check from occurring each time you start Splunk. To disable the SELinux check, add this line to $SPLUNK_HOME/etc/splunk-launch.conf:

SPLUNK_IGNORE_SELINUX=1

Important: Depending on the SELinux distribution, if you turn off the check before configuring SELinux, Splunk may not function properly.

Uninstall Splunk manually

This topic discusses how to remove installed components of Splunk if you can't use package management commands.

Note: These will not remove any init scripts that have been created.

1. Stop Splunk.

$SPLUNK_HOME/bin/splunk stop

2. Find and kill any lingering processes that contain "splunk" in its name.
For Linux and Solaris:

kill -9 `ps -ef | grep splunk | grep -v grep | awk '{print $2;}'`

For FreeBSD and Mac OS

kill -9 `ps ax | grep splunk | grep -v grep | awk '{print $1;}'`

3. Remove the Splunk installation directory, $SPLUNK_HOME.

rm -rf /opt/splunk

3. Remove any Splunk datastore or indexes outside the top-level directory, if they exist.

rm -rf /opt/splunkdata

4. Delete the splunk user and group, if they exist.
For Linux, Solaris, and FreeBSD:

userdel splunk
groupdel splunk

For Mac OS:
You can use the System Preferences > Accounts panel to manage users and groups.

Upgrade Instructions

Upgrade and migrate to 3.2

You can upgrade and migrate directly to Splunk 3.2 from versions 3.0 and later. If you are currently running a version of Splunk that is older than 3.0, refer to this documentation for options.

When you upgrade to 3.2, your configuration files will be updated and changed to support the new functionality in 3.2. You can run the migration preview utility to see what will be changed before you actually upgrade and migrate.

Important: Before you perform the upgrade:

Review these migration considerations.
Back up your files.

1. Execute the $SPLUNK_HOME/bin/splunk stop command.

2. To upgrade and migrate from version 3.0 and later, install the Splunk 3.2 package over your existing Splunk deployment.

If you are using a TAR file, expand it into the same directory as your existing Splunk instance. This overwrites and replaces matching files but does not remove unique files.

If you are using a package manager, such as an RPM:

rpm -U splunk_package_name.rpm

3. Execute the $SPLUNK_HOME/bin/splunk start command.
The following output is displayed:

This appears to be an upgrade of Splunk.

--------------------------------------------------------------------------------

Splunk has detected an older version of Splunk installed on this machine. To
finish upgrading to the new version, Splunk\'s installer will automatically
update and alter your current configuration files. Deprecated configuration
files will be renamed with a .deprecated extension.

You can choose to preview the changes that will be made to your configuration
files before proceeding with the migration and upgrade:

If you want to migrate and upgrade without previewing the changes that will be
made to your existing configuration files, choose \'y\'.
If you want to see what changes will be made before you proceed with the
upgrade, choose \'n\'.

Perform migration and upgrade without previewing configuration changes? [y/n]

4. You're given the choice of running the migration preview script to see what changes will be made to your existing configuration files, or proceeding with the migration and upgrade right away.

5. If you choose to view the expected changes, the script provides a list.

6. Once you've reviewed these changes and are ready to proceed with migration and upgrade, run $SPLUNK_HOME/bin/splunk start again.

Note: You can complete Steps 3 to 5 in one line:

To accept the license and view the expected changes (answer 'n') before continuing the upgrade:

$SPLUNK_HOME/bin/splunk start --accept-license --answer-no

To accept the license and begin the upgrade without viewing the changes (answer 'y'):

$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes

Upgrade Splunk on Windows

Important: Before you upgrade:

Review these migration considerations.
Back up your files.
Stop Splunk either using the Windows Start menu option or by executing the $SPLUNK_HOME/bin/splunk stop command.
Be aware that you cannot change the user Splunk runs as during an upgrade. Do not change the user from the Windows Service Control panel; Splunk will stop working. If you must change the user, you must uninstall and reinstall Splunk.

1. Download the new MSI file from the Splunk download page.

2. Double-click the MSI file.
The Welcome panel is displayed. Follow the onscreen instructions to upgrade Splunk.
For information about each panel, refer to the installation instructions.
When you reach the Install step, you have the option to preview changes that will be made for this upgrade.

3. Preview your upgrade and migration if desired.

When you upgrade, your configuration files are updated and changed to support the new functionality. You can run the migration preview utility to see what will be changed before you actually upgrade and migrate. When you do this, a file containing the changes that the script proposes to make is written to $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>

The following text is displayed:

This appears to be an upgrade of Splunk.

--------------------------------------------------------------------------------

Splunk has detected an older version of Splunk installed on this machine. To
finish upgrading to the new version, Splunk\'s installer will automatically
update and alter your current configuration files. Deprecated configuration
files will be renamed with a .deprecated extension.

You can choose to preview the changes that will be made to your configuration
files before proceeding with the migration and upgrade:

If you want to migrate and upgrade without previewing the changes that will be
made to your existing configuration files, choose \'y\'.
If you want to see what changes will be made before you proceed with the
upgrade, choose \'n\'. 

Perform migration and upgrade without previewing configuration changes? [y/n]

Important: If you are upgrading to 3.3.2 or later and you have made manual changes to the $SPLUNK_HOME/etc/system/local/inputs.conf file, make a backup copy of this file to compare the full migration changes, including any changes to Windows-specific type data inputs, after the process is complete. Some global settings (like "host = foohost") may not be preserved. See the Known issues for version 3.3.2 for details.

4. You're given the choice of running the migration preview script to see what changes will be made to your existing configuration files, or proceeding with the migration and upgrade right away.

5. If you choose to view the expected changes (select N), the script provides a list.
You can scroll up to review the changes or look at them in $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>. At the end of the list, you will see an error message, which you can ignore.

6. Press Enter to return to step 3 and finish your upgrade by typing Y.

Start Splunk

On Windows, Splunk is installed by default into \Program Files\Splunk

You can start and stop the following Splunk processes via the Windows Services Manager:

Server daemon: splunkd
Web interface: splunkweb

You can also start, stop, and restart both processes at once by going to \Program Files\Splunk\bin and typing

#  splunk.exe [start|stop|restart]

Note: If you do not select Start Splunk Services now, they will be set to manual startup and therefore will not start after a reboot. You must start them from the Windows Service Manager MMC, and optionally configure auto-start if you want them to start automatically at boot time.

Important: After upgrading, Splunk may start reading some files incorrectly as binaries. You can override this behavior in props.conf by adding NO_BINARY_CHECK = true to the source or sourcetype stanza.

Migration considerations

This topic discusses various issues and considerations you should review before upgrading to Splunk 3.2.
You should also review the Known Issues for additional information before you upgrade.

Scripts in /splunk/bin are not saved

If you have configured an alert to call a script, that script resides in $SPLUNK_HOME/bin/scripts. Make a backup of these scripts and reinstate them after the upgrade.

Saved searches

Be aware of the following regarding saved searches:

If the search contains fixed scheduling, and actually takes longer to run than the interval allows, the search will not work.
If your search contains foo=bar and you have an indexed field configured from previous versions as foo::bar, your search will fail if bar isn't anywhere in the raw data of an event. Make saved searches that fail for this reason work by either:
- adding or changing INDEXED = True or INDEXED_VALUE = False in the stanza for foo in fields.conf.
- changing your search in the search bar by replacing foo=bar with foo::bar.
Metadata commands like | admin or | metaevents are not supported, and will generate a warning.

Changes to indexes.conf

If you have made changes to the default values in indexes.conf, the configuration will not migrate. Make a backup of your changes and re-add them post-upgrade.

Must upgrade all instances of Splunk in a distributed environment

As mentioned in the Known Issues, you must upgrade all members of your distributed cluster to the same version.

Instances of Splunk deployment server must match clients

As mentioned in the Known Issues, if you are running Splunk's deployment server, you must upgrade the deployment server and all its clients to the same version. Splunk recommends that you upgrade your Splunk deployment server first, before you migrate your other Splunk instances.

If you are unable to migrate all clients at one time, you can set up two deployment servers, one for your new 3.2.x clients, and one for your 3.1.x clients. This way, you can move each client over to communicate with the 3.2.x deployment server as you are able to upgrade it.

Help

Getting Help

The most in-depth documentation for Splunk is within the set of manuals you're currently reviewing. However, you can also get help within Splunk Web and the command line interface.

Accessing help in Splunk Web

Click Help in Splunk Web to launch a set of help pages.

Accessing help in the command line (CLI)

From the command line on your Splunk Server host, type:

$SPLUNK_HOME/bin/splunk help

How can I learn more about Splunk's advanced features?

The best way to explore advanced features is to take the tutorial

You can also explore the command line interface using its inline help. To get started, type:

$SPLUNK_HOME/bin/splunk help

I lost my Splunk.com password. What do I do?

Use the recover password feature of the site to have your username and/or password emailed to the address on record.

How do I report problems?

Submit your issue with on our online case submission form or email us at support@splunk.com.

How can I make suggestions?

You can always send an email to our support team at support@splunk.com. Also check out our Live Roadmap where you can vote on upcoming features.

I have some questions that aren't answered here. Where can I get help?

Start with our Documentation.

For help from experienced Splunkers, come to our Wiki and check out what other people have done with their Splunk deployments.

For help -- yes, it's free! -- from the Splunk Support team, submit an online support case (you must be a registered user and log in to use this service). You can also use our IRC support channel. The channel name is #splunk on the EFnet IRC (irc.efnet.org) network.

Splunk customers with an enterprise license have additional premium support options. For full information on our support offerings, click here.

Reference

File Manifest

A complete inventory of the files and permissions that ship with your Splunk installation can be found in the root directory. For reference the manifest for each platform is available here:

PGP Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (GNU/Linux)

mQGiBEbE21QRBADEMonUxCV2kQ2oxsJTjYXrYCWCtH5/OnmhK5lT2TQaE9QUTs+w
nM3sVInQqwRwBDH2qsHgqjJS0PIE867n+lVuk0gSVzS5SOlYzQjnSrisvyN452MF
2PgetHq8Lb884cPJnxR6xoFTHqOQueKEOXCovz1eVrjrjfpnmWKa/+5X8wCg/CJ7
pT7OXHFN4XOseVQabetEbWcEAIUaazF2i2x9QDJ+6twTAlX2oqAquqtBzJX5qaHn
OyRdBEU2g4ndiE3QAKybuq5f0UM7GXqdllihVUBatqafySfjlTBaMVzd4ttrDRpq
Wya4ppPMIWcnFG2CXf4+HuyTPgj2cry2oMBm2LMfGhxcqM5mpoyHqUiCn7591Ra/
J2/FA/0c2UAUh/eSiOn89I6FhFOicT5RPtRpxMoEM1Di15zJ7EXY+xBVF9rutqhR
5OI9kdHibYTwf4qjOOPOA7237N1by9GiXY/8s+rDWmSNKZB+xAaLyl7cDhYMv7CP
qFTutvE8BxTsF0MgRuzIHfJQE2quuxKJFs9lkSFGuZhvRuwRcrQgS2ltIFdhbGxh
Y2UgPHJlbGVhc2VAc3BsdW5rLmNvbT6IXgQTEQIAHgUCRsTbVAIbAwYLCQgHAwID
FQIDAxYCAQIeAQIXgAAKCRApYLH9ZT+xEhsPAKDimP8sdCr2ecPm8mre/8TK3Bha
pQCg3/xEickiRKKlpKnySUNLR/ZBh3m5Ag0ERsTbbRAIAIdfWiOBeCj8BqrcTXxm
6MMvdEkjdJCr4xmwaQpYmS4JKK/hJFfpyS8XUgHjBz/7zfR8Ipr2CU59Fy4vb5oU
HeOecK9ag5JFdG2i/VWH/vEJAMCkbN/6aWwhHt992PUZC7EHQ5ufRdxGGap8SPZT
iIKY0OrX6Km6usoVWMTYKNm/v7my8dJ2F46YJ7wIBF7arG/voMOg1Cbn7pCwCAtg
jOhgjdPXRJUEzZP3AfLIc3t5iq5n5FYLGAOpT7OIroM5AkgbVLfj+cjKaGD5UZW7
SO0akWhTbVHSCDJoZAGJrvJs5DHcEnCjVy9AJxTNMs9GOwWaixfyQ7jgMNWKHJp+
EyMAAwYH/RLNK0HHVSByPWnS2t5sXedIGAgm0fTHhVUCWQxN3knDIRMdkqDTnDKd
qcqYFsEljazI2kx1ZlWdUGmvU+Zb8FCH90ej8O6jdFLKJaq50/I/oY0+/+DRBZJG
3oKu/CK2NH2VnK1KLzAYnd2wZQAEja4O1CBV0hgutVf/ZxzDUAr/XqPHy5+EYg96
4Xz0PdZiZKOhJ5g4QjhhOL3jQwcBuyFbJADw8+Tsk8RJqZvHfuwPouVU+8F2vLJK
iF2HbKOUJvdH5GfFuk6o5V8nnir7xSrVj4abfP4xA6RVum3HtWoD7t//75gLcW77
kXDR8pmmnddm5VXnAuk+GTPGACj98+eISQQYEQIACQUCRsTbbQIbDAAKCRApYLH9
ZT+xEiVuAJ9INUCilkgXSNu9p27zxTZh1kL04QCg6YfWldq/MWPCwa1PgiHrVJng
p4s=
=Mz6T
-----END PGP PUBLIC KEY BLOCK-----

Installing the key

Copy and paste the key into a file. Install the key using:

rpm --import <filename>