Splunk® Enterprise

Installation Manual

Download manual as PDF

Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Install on Mac OS

This topic describes how to install Splunk on MacOS.


If you are upgrading, review the upgrade documentation later in this manual and check READ THIS FIRST for any migration considerations before proceeding.

Installation options

The Mac OS build comes in two forms: a DMG package and a tarball. Below are instructions for the:

  • Graphical (basic) and command line installs using the DMG file.
  • Tarball install.

Note: if you require two installations in different locations on the same host, use the tarball. The pkg installer cannot install a second instance. If one exists, it will remove it upon successful install of the second.

Graphical install

1. Double-click on the DMG file.

A Finder window containing splunk.pkg opens.

2. In the Finder window, double-click on splunk.pkg.

The Splunk installer opens and displays the Introduction, which lists version and copyright information.

3. Click Continue.

The Select a Destination window opens.

4. Choose a location to install Splunk.

  • To install in the default directory, /Applications/splunk, click on the harddrive icon.
  • To select a different location, click Choose Folder...

5. Click Continue.

The pre-installation summary displays. If you need to make changes,

  • Click Change Install Location to choose a new folder, or
  • Click Back to go back a step.

6. Click Install.

Your installation will begin. It may take a few minutes.

7. When your install completes, click Finish.

Command line install

1. To mount the dmg:

hdid splunk_package_name.dmg

2. To Install

  • To the root volume:
installer -pkg splunk.pkg -target /
  • To a different disk of partition:
installer -pkg splunk.pkg -target /Volumes\ Disk

-target specifies a target volume, such as another disk, where Splunk will be installed in /Applications/splunk.

To install into a directory other than /Applications/splunk on any volume, use the graphical installer as described above.

Tarball install

To install Splunk on a Mac OS, expand the tarball into an appropriate directory using the tar command:

tar xvzf splunk_package_name.tgz

The default install directory is splunk in the current working directory. To install into /Applications/splunk, use the following command:

tar xvzf splunk_package_name.tgz -C /Applications

Note: When you install Splunk with a tarball:

  • Splunk does not create the splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually before installing.
  • Ensure that the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

Start Splunk

Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify.

To start Splunk from the command line interface, run the following command from $SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk):

 ./splunk start

By convention, this document uses:

  • $SPLUNK_HOME to identify the path to your Splunk installation.
  • $SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Startup options

The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

Launch Splunk Web and log in

After you start Splunk and accept the license agreement,

1. In a browser window, access Splunk Web at
  • hostname is the host machine.
  • port is the port you specified during the installation (the default port is 8000).

2. Splunk Web prompts you for login information (default, username admin and password changeme) before it launches. If you switch to Splunk Free, you will bypass this logon page in future sessions.

What's next?

Now that you've installed Splunk, what comes next?

Manage your license

If you are performing a new installation of Splunk or switching from one license type to another, you must install or update your license.

Uninstall Splunk

Use your local package management commands to uninstall Splunk. In most cases, files that were not originally installed by the package will be retained. These files include your configuration and index files which are under your installation directory.

You can also simply go to $SPLUNK_HOME/bin, type ./splunk stop on the command line and then delete the $SPLUNK_HOME directory and everything under it.

Install on Solaris
Install on FreeBSD

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters