Start Splunk on UNIX
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Start Splunk on UNIX
This topic provides a brief instruction for starting Splunk. If you are new to Splunk, we recommending reviewing the User Manual first.
Note: The HP-UX and AIX versions of Splunk do not register themselves to auto-start on reboot.
Start Splunk
From a shell prompt on the Splunk sever host, run this command:
# splunk start
This starts both splunkd (indexer and other back-end processes) and splunkweb (the Splunk Web interface). To start them individually, type:
# splunk start splunkd
or
# splunk start splunkweb
Note: If startwebserver is set in web.conf, manually starting splunkweb does not override that setting. If it is disabled in the configuration file, it will not start.
To restart Splunk (splunkd or splunkweb) type:
# splunk restart
# splunk restart splunkd
# splunk restart splunkweb
Stop Splunk
To shut down Splunk, run this command:
# splunk stop
To stop splunkd and Splunk Web individually, type:
# splunk stop splunkd
or
# splunk stop splunkweb
Check if Splunk is running
To check if Splunk is running, type this command at the shell prompt on the sever host:
# splunk status
You should see this output:
splunkd is running (PID: 3162). splunk helpers are running (PIDs: 3164). splunkweb is running (PID: 3216).
Note: On Unix systems, you must be logged in as the user who runs Splunk to run the splunk status command. Other users cannot read the necessary files to report status correctly.
You can also use ps to check for running Splunk processes:
# ps aux | grep splunk | grep -v grep
Solaris users, type -ef instead of aux:
# ps -ef | grep splunk | grep -v grep
This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.