Splunk® Enterprise

Admin Manual

Download manual as PDF

Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Start and stop Splunk

This topic provides brief instructions for starting Splunk.

Start Splunk on Windows

On Windows, Splunk is installed by default into C:\Program Files\Splunk. Many examples in the Splunk documentation use $SPLUNK_HOME to indicate the Splunk installation, or home, directory. You can replace the string $SPLUNK_HOME (and the Windows variant %SPLUNK_HOME%) with C:\Program Files\Splunk if you installed Splunk into the default directory.

You can start and stop Splunk on Windows in one of the following ways:

1. Start and stop Splunk processes via the Windows Services control panel (accessible from Start -> Control Panel -> Administrative Tools -> Services)

  • Server daemon: splunkd
  • Web interface: splunkweb

2. Start and stop Splunk services from a command prompt by using the NET START <service> or NET STOP <service> commands:

  • Server daemon: splunkd
  • Web interface: splunkweb

3. Start, stop, and restart both processes at once by going to %SPLUNK_HOME%\bin and typing

> splunk [start|stop|restart]

Start Splunk on UNIX

Start Splunk

From a shell prompt on the Splunk sever host, run this command:

# splunk start

This starts both splunkd (indexer and other back-end processes) and splunkweb (the Splunk Web interface). To start them individually, type:

# splunk start splunkd

or

# splunk start splunkweb

Note: If startwebserver is disabled in web.conf, manually starting splunkweb does not override that setting. If it is disabled in the configuration file, it will not start.

To restart Splunk (splunkd or splunkweb) type:

# splunk restart

# splunk restart splunkd

# splunk restart splunkweb

Stop Splunk

To shut down Splunk, run this command:

# splunk stop

To stop splunkd and Splunk Web individually, type:

# splunk stop splunkd

or

# splunk stop splunkweb

Check if Splunk is running

To check if Splunk is running, type this command at the shell prompt on the server host:

# splunk status

You should see this output:

splunkd is running (PID: 3162).
splunk helpers are running (PIDs: 3164).
splunkweb is running (PID: 3216).

Note: On Unix systems, you must be logged in as the user who runs Splunk to run the splunk status command. Other users cannot read the necessary files to report status correctly.

You can also use ps to check for running Splunk processes:

# ps aux | grep splunk | grep -v grep

Solaris users, type -ef instead of aux:

# ps -ef | grep splunk | grep -v grep

Restart Splunk from Splunk Web

You can also restart Splunk from Splunk Web:

1. Navigate to Manager > Server controls.

2. Click Restart Splunk.

This will restart both the splunkd and splunkweb processes.

PREVIOUS
What is Splunk?
  NEXT
Configure Splunk to start at boot time

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters