Install on Mac OS
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Install on Mac OS
This topic describes how to install Splunk on MacOS.
The Mac OS build comes in two forms: a DMG package and a tarball. Below are instructions for the:
- Graphical (basic) and command line installs using the DMG file.
- Tarball install.
Note: if you require two installations in different locations on the same host, use the tarball. The pkg installer cannot install a second instance. If one exists, it will remove it upon successful install of the second.
1. Double-click on the DMG file.
A Finder window containing splunk.pkg opens.
2. In the Finder window, double-click on splunk.pkg.
The Splunk installer opens and displays the Introduction, which lists version and copyright information.
3. Click Continue.
The Select a Destination window opens.
4. Choose a location to install Splunk.
- To install in the default directory,
/Applications/splunk, click on the harddrive icon.
- To select a different location, click Choose Folder...
5. Click Continue.
The pre-installation summary displays. If you need to make changes,
- Click Change Install Location to choose a new folder, or
- Click Back to go back a step.
6. Click Install.
Your installation will begin. It may take a few minutes.
7. When your install completes, click Finish.
Command line install
1. To mount the dmg:
2. To Install
- To the root volume:
installer -pkg splunk.pkg -target /
- To a different disk of partition:
installer -pkg splunk.pkg -target /Volumes\ Disk
-target specifies a target volume, such as another disk, where Splunk will be installed in
To install into a directory other than
/Applications/splunk on any volume, use the graphical installer as described above.
To install Splunk on a Mac OS, expand the tarball into an appropriate directory using the
tar xvzf splunk_package_name.tgz
The default install directory is
splunk in the current working directory. To install into
/Applications/splunk, use the following command:
tar xvzf splunk_package_name.tgz -C /Applications
Note: When you install Splunk with a tarball:
- Splunk does not create the
splunkuser automatically. If you want Splunk to run as a specific user, you must create the user manually before installing.
- Ensure that the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.
Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify.
To start Splunk from the command line interface, run the following command from
$SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk):
By convention, this document uses:
$SPLUNK_HOMEto identify the path to your Splunk installation.
$SPLUNK_HOME/bin/to indicate the location of the command line interface.
The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:
$SPLUNK_HOME/bin/splunk start --accept-license
Note: There are two dashes before the
Launch Splunk Web and log in
After you start Splunk and accept the license agreement,1. In a browser window, access Splunk Web at
hostnameis the host machine.
portis the port you specified during the installation (the default port is 8000).
2. Splunk Web prompts you for login information (default, username
admin and password
changeme) before it launches. If you switch to Splunk Free, you will bypass this logon page in future sessions.
Now that you've installed Splunk, what comes next?
Manage your license
If you are performing a new installation of Splunk or switching from one license type to another, you must install or update your license.
Use your local package management commands to uninstall Splunk. In most cases, files that were not originally installed by the package will be retained. These files include your configuration and index files which are under your installation directory.
You can also simply go to
./splunk stop on the command line and then delete the
$SPLUNK_HOME directory and everything under it.