Installation in 3 Easy Steps
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
- Step 0: Read this first
- Updating a previous version?
- Troubleshooting an Installation
- Step 1: Unpack the software
- Tarball
- RPM
- deb
- ``FreeBSD``
- ``MacOS``
- Solaris
- Step 2: Install your license
- Step 3: Start Splunking!
- A. Start the server
- B. Load the Splunk GUI in your browser
- C. Set up one or more data inputs
- Updating the license
- Help
- Built-in
- At splunk.com
Installation in 3 Easy Steps
Step 0: Read this first
Updating a previous version?
- For 2.1.x and later servers see the 2.1.x to 2.1.2 update instructions.
- For 2.0.x servers in production use see the 2.0.x to 2.1.x migration instructions.
Troubleshooting an Installation
We've collected a list of known Installation Errors and their fixes. If you encounter any errors or warnings during the process - or anything that seems wrong - please check there first.
Step 1: Unpack the software
Each platform-specific installer comes in both a package form and a tarball. The Linux build comes in three forms: RPM, deb and tarball. The FreeBSD installer and tarball are both .tgz files. 5.4-intel is the installer, i386 is the tarball.
Follow the instructions for your specific package or tarball.
Tarball
- First, unpack the tarball into an appropriate directory. Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.
- Then, follow the instructions in the README.txt file in the top-level directory, e.g. /opt/splunk/README.txt to manually configure your installation path. The README file also contains information about starting Splunk for the first time and optionally configuring your system to start Splunk at boot.
RPM
- Basic install:
# rpm -i splunk-2.1-0.i386.rpm
- Override the default installation directory /opt/splunk:
# rpm -i --force --prefix=/opt/splunk2.1/splunk splunk-2.1-0.i386.rpm
deb
- Basic install:
# dpkg -i splunk-2.1-linux-2.6-intel.deb
The Splunk deb package currently cannot be installed in a directory other than its default, /opt/splunk.
- Uninstall:
# dpkg -r splunk
- Purge (delete everything, even config files):
# dpkg -P splunk
- Splunk package status:
# dpkg --status splunk
- List all packages:
# dpkg --list
``FreeBSD``
- Basic install:
# pkg_add splunk-2.1-freebsd-5.4-intel.tgz
- Override the default installation directory /opt/splunk:
# pkg_add -v -p /usr/splunk splunk-2.1-freebsd-5.4-intel.tgz
- Uninstall:
# pkg_delete splunk
- Uninstall from a non-default directory:
# pkg_delete -p /usr/splunk splunk
- Splunk package info:
# pkg_info -L splunk
- List all packages:
# pkg_info
``MacOS``
- Basic install:
Double-click on splunk.pkg
- Override the default installation directory /Applications/splunk:
When the installer gets to the Select Destination dialog, click Choose... to select a directory other than /Applications
- Command-line install:
# installer -pkg splunk.pkg
- Command-line install to a different disk or partition:
# installer -pkg splunk.pkg -target /Volumes/LaCie\ Disk
-target specifies a target volume, such as another disk, where Splunk will be installed in /Applications/splunk .
To install into a directory other than /Applications/splunk on any volume, use the graphical installer as described above.
Solaris
- Basic install:
# pkgadd splunk.pkg
- Override the default installation directory /opt/splunk:
# pkgadd -d /user/splunk/splunk.pkg
- Uninstall:
# pkgrm splunk
- Splunk package info:
# pkginfo -l splunk
- List all packages:
# pkginfo
Step 2: Install your license
All Splunk Servers have a license in the subdirectory ./etc/splunk.license . The free server has a built-in free license. A license for Splunk Professional enables higher volume indexing and Splunk Professional features.
Note: This is for splunk 2.2.3, for the beta and latest release, see 3.0 instructions.
<license>
<user>Billy_Name</user>
<expiration-date>2008-05-11 14:52:31</expiration-date>
<creation-date>2007-04-11 14:52:31</creation-date>
<bytelimit>5000 MB</bytelimit>
<version>Splunk Professional Annual</version>
<type>trial</type>
<licenseKey>nDwuRTC4rmUNzUtECtae3s5ukOAxqY7xSmT9DJbrO4eSttXA4bj37YfB8l+2VhZkCeQF3Wrb+7wTnykKP3CqlPkx0bwluj62gZWK3b9t9THeUBz5UE
8e3NiP1eqPu9wtofxubifxL4zkwzaxPuwzg/7YKsbkgWai8QBCJaKvUqIdi7IZ1l3JAK2qhqmsnxaOixEU3kxerB5w90AfpdiaSKD5v2orQZPQBWT+4tVZe8gQupeLi4t88Mi
SyqARgagE2Z6YV/D5/1HMlBFB4rrh16M8OGDeYy73m2uocCXhYq9sFJKN2zygTOyDuE1769NaJ4CWGRWlsk31S6R3HjUOVg==</licenseKey>
<productName>splunk</productName>
</license>
- Copy your new or previous license key file into
./etc/splunk.licensebeneath your Splunk home directory.
# cp -p splunk.license /opt/splunk/etc/
If you are installing a Splunk Professional license (including a free 30 day evaluation license) for the first time, you will need to log in with the default administrator account: username "admin" and password "changeme".
Step 3: Start Splunking!
A. Start the server
# /opt/splunk/bin/splunk start
(or whatever path you installed)
The first time you run a new installation, you will be prompted with a license agreement.
B. Load the Splunk GUI in your browser
(or whatever host and port you installed)
(Use username "admin" and password "changeme" to login to your new Splunk Professional installation for the first time.)
C. Set up one or more data inputs
The first time you browse a new installation, you will see a Guided Setup tool that helps you set up data inputs, licenses, and Splunk-2-Splunk configuration. Alternately, you can configure data inputs from the command line. Below is a typical example.
# /opt/splunk/bin/splunk add tail /var/log
Your Splunk Server should show indexed data on its home page immediately after you add a data input. As soon as you see a number greater than "0 events" listed on the server's home page, you're ready to start Splunking!
Updating the license
- From a browser
- Go to the Admin -> License & Usage -> Change license interface tab. Paste your new license into the textarea box there.
- Go to the Admin -> Server -> Control tab. Restart the Splunk Server.
- From the command line
- Copy your new or previous license key file into
./etc/splunk.licensebeneath your Splunk home directory.
- Copy your new or previous license key file into
# cp -p splunk.license /opt/splunk/etc/
When the correct license is in place, start or restart the Splunk Server.
# /opt/splunk/bin/splunk restart
Help
Built-in
The Splunk Server comes with three help resources built into its interface and served locally.
- Guided Setup
Splunk's Web interface has a built-in window that will walk you through basic setup of your data inputs, license installation, and Splunk-2-Splunk configuration.
- Browser-based Help
Splunk's Web interface has a blue (i) button labeled Help in its upper right corner. Click this button to pop up a built-in set of help pages.
Additionally, each page within the Admin area of the interface has blue (i) buttons next to the green title atop each group of controls. Click any one of these (i) buttons to go straight to the help for that part of the page.
- Command Line Help
From the command line on your Splunk Server host, type this command.
# /opt/splunk/bin/splunk help
At splunk.com
Go to splunk.com/r/support for a directory of all Splunk's help resources.
This documentation applies to the following versions of Splunk: 2.1 , 2.2 , 2.2.1 , 2.2.3 , 2.2.6 View the Article History for its revisions.