Step 0: Read this first
This documentation does not apply to the most recent version of Splunk.
Step 1: Unpack the software
Each platform-specific installer comes in both a package form and a tarball. The Linux build comes in three forms: RPM, deb and tarball. The FreeBSD installer and tarball are both .tgz files. For FreeBSD, the file with 5.4-intel in its name is the installer and the one with i386 is the tarball.
Follow the instructions for your specific package or tarball.
Tarball
- Unpack the tarball into an appropriate directory. Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.
- Then, follow the instructions in the README.txt file in the top-level directory, e.g. /opt/splunk/README.txt
RPM
Basic install:
rpm -i splunk-2.1-0.i386.rpm
Override the default installation directory /opt/splunk:
rpm -i --prefix=/opt/splunk2.1/splunk splunk-2.1-0.i386.rpm
deb
Basic install:
dpkg -i splunk-2.1-linux-2.6-intel.deb
The Splunk deb package currently cannot be installed in a directory other than its default, /opt/splunk.
Uninstall:
dpkg -r splunk
Purge (delete everything, even config files):
dpkg -P splunk
Splunk package status:
dpkg --status splunk
List all packages:
dpkg --list
FreeBSD
Basic install:
pkg_add splunk-2.1-freebsd-5.4-intel.tgz
Override the default installation directory /opt/splunk:
pkg_add -v -p /usr/splunk splunk-2.1-freebsd-5.4-intel.tgz
Uninstall:
pkg_delete splunk
Uninstall from a non-default directory:
pkg_delete -p /usr/splunk splunk
Splunk package info:
pkg_info -L splunk
List all packages:
pkg_info
Mac OS
Basic install:
- Double-click on splunk.pkg
Override the default installation directory /Applications/splunk:
- When the installer gets to the Select Destination dialog, click Choose... to select a directory other than /Applications
Command-line install:
installer -pkg splunk.pkg
Command-line install to a different disk or partition:
installer -pkg splunk.pkg -target /Volumes/LaCie\ Disk
-target specifies a target volume, such as another disk, where Splunk will be installed in /Applications/splunk.
To install into a directory other than /Applications/splunk on any volume, use the graphical installer as described above.
Solaris
Basic install:
pkgadd splunk.pkg
Override the default installation directory /opt/splunk:
pkgadd -d /user/splunk/splunk.pkg
Uninstall:
pkgrm splunk
Splunk package info:
pkginfo -l splunk
List all packages:
pkginfo
Step 2: Install your license
All Splunk Servers have a license file at $SPLUNK_HOME/etc/splunk.license. There are two types of license: the Splunk Free license and the Splunk Enterprise license. Enterprise enables higher volume indexing and additional features. When you first install Splunk, you are allowed to run unlicensed for 30 days. After that you are asked to obtain a Free or Enterprise license. The Free license simply requires you to register with Splunk. You are prompted to register when you first install and when you run Splunk unlicensed.
Here is an example of a Splunk license:
user@company.com;EQ/GQXW/J7u9VLJShPsW4m8yi+5a+geRrof4Bep70j32xsBpq JItM5pdntRfl4auply366BAjTMnfTB6JyzJOZLplyBQijk02fQjgKjakl0ol4N5G6Wr09ufnS e3iOXVAay24hzFfgDkaijOnkoGOPJqnHaVzaWC9dxIuKUvDPt3UcKTkDv0GkaQ4EZ xAvZKAFImvOF4PmDoNaMiBgLLkWibGhezFTTDh10PLl9kyeVThGzAyN23J512pVM 3xqNIg3pFcd2aJf31xspt1HRdSwofkfnuCVpzildy3qMbae4g85KpCfND+aJ6z2LoUu3 RQ4OV4SpxMXEZ4PgSGZ6dwA==
When you receive a new license, copy the license key file into ./etc/splunk.license beneath your Splunk home directory.
cp -p splunk.license /opt/splunk/etc/
Step 3: Start Splunking!
1. Start the server
/opt/splunk/bin/splunk start
(or whatever path you installed to)
The first time you run a new installation, you will be prompted with a license agreement. You must accept the license terms to continue to use Splunk.
2. Load the Splunk GUI in your browser
(or whatever host and port you installed)
(Use username "admin" and password "changeme" to log in to your new Splunk installation for the first time.)
3. Set up one or more data inputs
The first time you browse a new installation, you will see a Guided Setup tool that helps you set up data inputs, licenses, and other configuration options. Alternatively, you can configure data inputs from the command line. Below is a typical example.
/opt/splunk/bin/splunk add tail /var/log
Your Splunk Server should show indexed data on its home page immediately after you add a data input. As soon as you see a number greater than "0 events" listed on the server's home page, you're ready to start Splunking!
Updating the license
If you switch from one license type to another (for example from Free to Enterprise), you must update your license. You can update your license from the CLI or SplunkWeb interface.
If you are installing a new Splunk Enterprise license for the first time, you will need to log in with the default administrator account: username "admin" and password "changeme".
From a browser
- Go to the Admin -> License & Usage -> Change license interface tab. Paste your new license into the textarea box there.
- Go to the Admin -> Server -> Control tab. Restart the Splunk Server.
From the command line:
- Copy your new or previous license key file into ./etc/splunk.license beneath your Splunk home directory.
cp -p splunk.license /opt/splunk/etc/
- When the correct license is in place, start or restart the Splunk Server.
/opt/splunk/bin/splunk restart
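The command-line procedure above (and the same copy in Step 2) can be wrapped in a check that runs before the file is replaced. The script below is an added example, not Splunk's own code; the function names check_license and install_license are hypothetical, and the key format (<email>;<base64 text>) is an assumption inferred from the sample license on this page.

```shell
#!/bin/sh
# Added example, not Splunk's code. Validates a license key file and installs
# it as $SPLUNK_HOME/etc/splunk.license, keeping a backup of the previous one.
# Assumption: a key file is "<email>;<base64 text>", as in the page's sample.

# check_license FILE -> 0 if FILE looks like a license key, non-zero otherwise
check_license() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    # Join wrapped lines and drop whitespace before matching.
    flat=$(tr -d ' \t\r\n' < "$1")
    printf '%s\n' "$flat" |
        grep -Eq '^[^;@]+@[^;@]+;[A-Za-z0-9+/]+={0,2}$'
}

# install_license FILE [SPLUNK_HOME] -> 0 on success
install_license() {
    src=$1
    home=${2:-/opt/splunk}
    dest="$home/etc/splunk.license"

    [ -d "$home/etc" ] || { echo "no etc directory under $home" >&2; return 2; }
    check_license "$src" || { echo "$src is not a license key" >&2; return 3; }

    # Keep the old license so a bad key can be rolled back.
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.bak" || return 4
    fi

    # cp -p keeps the source's mode, so clear group/other write bits afterwards.
    cp -p "$src" "$dest" || return 4
    chmod go-w "$dest" || return 4

    # Next step from the procedure above, left to the operator:
    #   $home/bin/splunk restart
    return 0
}
```

Call it as install_license splunk.license /opt/splunk; a non-zero return means nothing was changed under etc/ except, at most, the .bak copy.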
This documentation applies to the following versions of Splunk: 3.0, 3.0.1