Splunk® Enterprise

Search Tutorial

Download manual as PDF

Download topic as PDF

Install Splunk Enterprise

You can install Splunk Enterprise on the following operating systems.

For other installers or other supported operating systems, see the step-by-step installation instructions for that platform. After installing Splunk Enterprise, you can continue to Navigating Splunk Web.

Linux installation instructions

Splunk Enterprise provides three Linux installer options: an RPM, a DEB, or a .tar file.

Prerequisite
You must have access to a command-line interface (CLI). When you type in the installation commands, replace splunk_package_name with the file name of the Splunk Enterprise installer that you downloaded.

Install the Splunk Enterprise RPM

You can install the Splunk Enterprise RPM in the default directory /opt/splunk, or in a different directory.

  1. Use the CLI to install Splunk Enterprise.
    • To install into the default directory, type rpm -i splunk_package_name.rpm.
    • To install into a different directory, add the --prefix flag to the installation command.
      For example, type rpm -i --prefix=/opt/new_directory splunk_package_name.rpm.
  2. A command line window prompts you to create an administrator password. You need this password for your initial Splunk Enterprise login.
    This appears to be your first time running this version of Splunk.
    An Admin password must be set before installation proceeds.
    Password must contain at least:
       * 8 total printable ASCII character(s).
    Please enter a new password: 
    Please confirm new password: 
    


    If you have enabled --no prompt in the command line, you are not prompted to create the administrator credentials needed to log into Splunk Enterprise for the first time. There are several ways you can create these credentials at startup. See Start Splunk Enterprise for the first time.

  3. Go to the steps to Launch Splunk Web.

Install the Splunk Enterprise DEB package

  • You can install the Splunk Enterprise DEB only into the /opt/splunk directory.
  • This location must be a regular directory, and cannot be a symbolic link.
  • You must have access to the root user or have sudo permissions to install the package.
  • The package does not create environment variables to access the Splunk Enterprise installation directory. You must set those variables on your own.

If you need to install Splunk Enterprise somewhere else, or if you use a symbolic link for /opt/splunk, then use a TAR file to install the software.

  1. In the CLI, type dpkg -i splunk_package_name.deb.
  2. Go to the steps to Launch Splunk Web.

Install the Splunk Enterprise TAR file

Knowing the following items helps ensure a successful installation with a tar file:

  • Some non-GNU versions of tar might not have the -C argument available. In this case, to install in /opt/splunk, either cd to /opt or place the tar file in /opt before you run the tar command. This method works for any accessible directory on your host file system.
  • Splunk Enterprise does not create the splunk user. If you want Splunk Enterprise to run as a specific user, you must create the user manually before you install.
  • Confirm that the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.
  1. To install Splunk Enterprise on a Linux system, expand the TAR file into an appropriate directory using the tar command. The default installation directory is splunk in the current working directory.

    To install into /opt/splunk, use the following command with the -C argument.
    tar xvzf splunk_package_name.tgz -C /opt
    
  2. A command line window prompts you to create an administrator password. You will need this password for you initial Splunk Enterprise login.
    This appears to be your first time running this version of Splunk.
    
    An Admin password must be set before installation proceeds.
    Password must contain at least:
       * 8 total printable ASCII character(s).
    Please enter a new password: 
    Please confirm new password: 
    

    If you have enabled --no prompt in the command line, you are not prompted to create the administrator credentials needed to log into Splunk Enterprise for the first time. There are several ways you can create these credentials at startup. See Start Splunk Enterprise for the first time.

  3. Go to the steps to Launch Splunk Web.

Windows installation instructions

For this tutorial you will install Splunk Enterprise using the default installation settings, which run the software as the Local System user, admin.

  1. Navigate to the folder or directory where the installer is located.
  2. Double-click the splunk.msi file to start the installer.
  3. In the Welcome panel, read the License Agreement and click Check this box to accept the license agreement.
  4. Click Next.
  5. You are prompted to specify a password for the Splunk admin user. Type and confirm the password.
    The password must be at least 8 characters in length. Do not forget this password. You will use this password to log into Splunk Web.
  6. Click Next.
  7. (Optional) You are prompted to create a shortcut on the Start Menu. If you want to do this, click Create Start Menu shortcut.
  8. Click Install.
  9. In the Installation Complete panel, confirm that the Launch browser with Splunk check box is selected.
  10. Click Finish.
    The installation finishes, Splunk Enterprise starts, and Splunk Web launches in a browser window.
  11. Go to the steps to Launch Splunk Web.

For other user options or to perform a custom installation, see the instructions for Install on Windows in the Installation Manual.

Mac OS X installation instructions

  1. Navigate to the folder or directory where the installer is located.
  2. Double-click the DMG file.
    A Finder window that contains the splunk.pkg opens.
  3. Double-click the Install Splunk icon to start the installer.
  4. The Introduction panel lists version and copyright information. Click Continue.
  5. The License panel lists shows the software license agreement. Click Continue.
  6. You will be asked to agree to the terms of the software license agreement. Click Agree.
  7. In the Installation Type panel, click Install. This installs Splunk Enterprise in the default directory /Applications/splunk.
  8. You are prompted to type the password that you use to login to your computer.
  9. When the installation finishes, a popup informs you that an initialization must be performed. Click OK.
  10. A terminal window appears with a prompt for you to specify a password to access Splunk Enterprise with the admin account. Choose a password that is at least 8 characters long. Do not forget this password. You will use this password to log into Splunk Web. Type the password and press return. The cursor will not advance as you type.
  11. Confirm the new password when prompted and press return.
  12. A popup appears asking what you would like to do. Click Start and Show Splunk. The login page for Splunk Enterprise opens in your browser window.
  13. Close the Install Splunk window.

    The installer places a shortcut on the Desktop so that you can launch Splunk Enterprise from your Desktop any time.

  14. Go to the steps to Launch Splunk Web.

Next step

Start Splunk Enterprise and launch Splunk Web

See also

Install on Linux in the Installation Manual.

PREVIOUS
What you need for this tutorial
  NEXT
Launch Splunk Web

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.2.0, 7.2.1


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters