Start and stop Splunk
Contents
Start and stop Splunk
This topic provides brief instructions for starting Splunk. If you are new to Splunk, we recommend reviewing the User Manual first.
Start Splunk on Windows
On Windows, Splunk is installed by default into C:\Program Files\Splunk. Many examples in the Splunk documentation use $SPLUNK_HOME to indicate the Splunk installation, or home, directory. You can replace the string $SPLUNK_HOME (and the Windows variant %SPLUNK_HOME%) with C:\Program Files\Splunk if you installed Splunk into the default directory.
You can start and stop Splunk on Windows in one of the following ways:
1. Start and stop Splunk processes via the Windows Services control panel (accessible from Start -> Control Panel -> Administrative Tools -> Services)
- Server daemon:
splunkd - Web interface:
splunkweb
2. Start and stop Splunk services from a command prompt by using the NET START <service> or NET STOP <service> commands:
- Server daemon:
splunkd - Web interface:
splunkweb
3. Start, stop, and restart both processes at once by going to %SPLUNK_HOME%\bin and typing
> splunk [start|stop|restart]
Start Splunk on UNIX
Start Splunk
From a shell prompt on the Splunk sever host, run this command:
# splunk start
This starts both splunkd (indexer and other back-end processes) and splunkweb (the Splunk Web interface). To start them individually, type:
# splunk start splunkd
or
# splunk start splunkweb
Note: If startwebserver is disabled in web.conf, manually starting splunkweb does not override that setting. If it is disabled in the configuration file, it will not start.
To restart Splunk (splunkd or splunkweb) type:
# splunk restart
# splunk restart splunkd
# splunk restart splunkweb
Stop Splunk
To shut down Splunk, run this command:
# splunk stop
To stop splunkd and Splunk Web individually, type:
# splunk stop splunkd
or
# splunk stop splunkweb
Check if Splunk is running
To check if Splunk is running, type this command at the shell prompt on the server host:
# splunk status
You should see this output:
splunkd is running (PID: 3162). splunk helpers are running (PIDs: 3164). splunkweb is running (PID: 3216).
Note: On Unix systems, you must be logged in as the user who runs Splunk to run the splunk status command. Other users cannot read the necessary files to report status correctly.
You can also use ps to check for running Splunk processes:
# ps aux | grep splunk | grep -v grep
Solaris users, type -ef instead of aux:
# ps -ef | grep splunk | grep -v grep
Restart Splunk from Splunk Web
You can also restart Splunk from Splunk Web:
1. Navigate to Manager > Server controls.
2. Click Restart Splunk.
This will restart both the splunkd and splunkweb processes.
This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 5.0 , 5.0.1 , 5.0.2 , 5.0.3 View the Article History for its revisions.