Windows installation
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Windows installation
This topic provides detailed instructions for installing Splunk on Windows. If you're installing Splunk on another platform, go here.
Splunk is installed by default into \Program Files\Splunk.
Important: Currently, you can only install the Splunk Windows version as the user you are currently logged in as. This user must be a member of local administrator group.
Before you begin, confirm that the machine you're planning to use satisfies the minimum system requirements. Then:
1. Go to the download page at www.splunk.com and download the latest build of the Windows port.
2. When you have the splunk.msi file, double-click it to start the installer.
The Welcome panel is displayed.
3. Click Next to begin the installation.
Note: On each panel, you can click Next to continue, Back to go back a step, or Cancel to close the installer.
The licensing panel is displayed.
4. Read the licensing agreement, select "I accept the terms in the license agreement", and click Next to continue installing.
The Customer information panel is displayed.
5. Enter the requested details and click Next.
The Destination folder panel is displayed.
6. Click Change.. to specify a different location to install Splunk, or click Next to accept the default value.
The Logon information panel is displayed.
Splunk installs and runs two Windows services, splunkd and splunkweb. These services will be installed and run as the user you specify on this panel. You can choose to run Splunk as the local system user, or as a user with additional credentials.
Note: If you install as the local system user, some network resources may not be available to the Splunk application. Contact your systems administrator for advice if you are unsure what user to specify.
7. Select a user type and click Next.
Important: Currently, you can only install the Splunk Windows port as the user you are currently logged in as. This will be resolved in a near-term maintenance release.
If you specified the local system user, proceed to step 9. Otherwise, the Logon information: specify a username and password panel is displayed.
8. Specify a username and password for Splunk to be installed and run as and click Next.
- To create a new user for Splunk to use, click New User Information... and specify details.
- To use an existing user, enter, or browse for the username and domain details.
The pre-installation summary panel is displayed.
9. Click Install to proceed.
The installer runs and displays the Installation complete panel.
10. Check the boxes to run Splunk and Splunk Web now, and to select which Windows event logs you would like Splunk to index right away, and then click Finish.
Get started with the Splunk Windows port
The installer creates an icon on your desktop and also adds items to the Windows Start menu. You can use these, the command line interface, or the Windows Service Manager to start, stop, and restart Splunk.
Note: If you chose not to index one or more of the Windows event logs by unchecking the box(es) at the end of the installation process, and want to begin indexing later, edit $SPLUNK_HOME/etc/bundles/local/inputs.conf as described in Configure inputs via inputs.conf.
Important: You must use two backslashes \\ to escape wildcards in stanza names in inputs.conf.
Install your Splunk license
Refer to the instructions for installing your license to install or update your Splunk license.
This documentation applies to the following versions of Splunk: 3.1.3 , 3.1.4 , 3.2 , 3.2.1 View the Article History for its revisions.