Documentation > Splunk > Admin Manual > Start and stop Splunk

Admin Manual

 


Welcome to Splunk administration
What to do first
Use Splunk Web
Getting started for Windows admins
Manage Splunk licenses
Meet Splunk apps
Configure Splunk
Indexing with Splunk
Manage users
Manage indexes
Define alerts
Set up backups and retention policies
Configure data security
Manage search jobs
Use Splunk's command line interface (CLI)
Configuration file reference
Troubleshooting

Start and stop Splunk

Contents

Start and stop Splunk

This topic provides brief instructions for starting Splunk. If you are new to Splunk, we recommend reviewing the User Manual first.

Start Splunk on Windows

On Windows, Splunk is installed by default into C:\Program Files\Splunk. Many examples in the Splunk documentation use $SPLUNK_HOME to indicate the Splunk installation, or home, directory. You can replace the string $SPLUNK_HOME (and the Windows variant %SPLUNK_HOME%) with C:\Program Files\Splunk if you installed Splunk into the default directory.

You can start and stop Splunk on Windows in one of the following ways:

1. Start and stop Splunk processes via the Windows Services control panel (accessible from Start -> Control Panel -> Administrative Tools -> Services)

  • Server daemon: splunkd
  • Web interface: splunkweb

2. Start and stop Splunk services from a command prompt by using the NET START <service> or NET STOP <service> commands:

  • Server daemon: splunkd
  • Web interface: splunkweb

3. Start, stop, and restart both processes at once by going to %SPLUNK_HOME%\bin and typing

> splunk [start|stop|restart]

Start Splunk on UNIX

Start Splunk

From a shell prompt on the Splunk sever host, run this command:

# splunk start

This starts both splunkd (indexer and other back-end processes) and splunkweb (the Splunk Web interface). To start them individually, type:

# splunk start splunkd

or

# splunk start splunkweb

Note: If startwebserver is disabled in web.conf, manually starting splunkweb does not override that setting. If it is disabled in the configuration file, it will not start.

To restart Splunk (splunkd or splunkweb) type:

# splunk restart

# splunk restart splunkd

# splunk restart splunkweb

Stop Splunk

To shut down Splunk, run this command:

# splunk stop

To stop splunkd and Splunk Web individually, type:

# splunk stop splunkd

or

# splunk stop splunkweb

Check if Splunk is running

To check if Splunk is running, type this command at the shell prompt on the server host:

# splunk status

You should see this output: 

splunkd is running (PID: 3162).
splunk helpers are running (PIDs: 3164).
splunkweb is running (PID: 3216).

Note: On Unix systems, you must be logged in as the user who runs Splunk to run the splunk status command. Other users cannot read the necessary files to report status correctly.

You can also use ps to check for running Splunk processes:

# ps aux | grep splunk | grep -v grep

Solaris users, type -ef instead of aux:

# ps -ef | grep splunk | grep -v grep

Restart Splunk from Splunk Web

You can also restart Splunk from Splunk Web:

1. Navigate to Manager > Server controls.

2. Click Restart Splunk.

This will restart both the splunkd and splunkweb processes.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.2/Admin/StartSplunk"

This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 5.0 , 5.0.1 , 5.0.2 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!