Splunk® Enterprise

User Manual

Download manual as PDF

Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Before you start the tutorial

Before you can begin to use Splunk, you need to download, install, and start up a Splunk instance. Hey, no worries -- this only takes about 5 minutes!

If you already have access to a running Splunk server, skip down to Add data to Splunk and start there.

Do you have what it takes to run Splunk?

Splunk runs on most computing platforms, but this tutorial will focus specifically on the Windows and Mac OS X versions of Splunk. Of course, whatever platform you choose to run it on, it's still Splunk, and you should be able to follow along from Start Splunk onwards.

While Splunk is software that you install on your local machine, you access Splunk through a Web browser. Splunk supports most versions of Firefox, Internet Explorer, and Safari.

Splunk is a high-performance application, but for this tutorial, you really only need an individual Windows or Mac machine that meets at least the following specifications:

Platform Minimum supported hardware capacity
Non-Windows platforms 1x1.4 GHz CPU, 1 GB RAM
Windows platforms Pentium 4 or equivalent at 2Ghz, 2GB RAM

For the complete list of specifications, see the system requirements in the Installation manual.

Which license is for you?

Splunk runs with either an Enterprise license or a Free license. When you download Splunk for the first time, you get an Enterprise trial license that expires after 60 days. This trial license enables 500 MB/day indexing and all of the Enterprise features.

Once you install Splunk, you can run with the Enterprise trial license until it expires, switch to the perpetual Free license (it's included!), or purchase an Enterprise license.

Read more about Splunk licenses and features.

Download Splunk

The Windows installer is an MSI file. There are two Mac OS X installers; for this tutorial, you'll use the DMG package.

Download the latest version of Splunk from the download page.

Log into Splunk.com to download Splunk. If you're not logged on, clicking the download package will redirect you to a registration form. If you don't already have a Splunk.com account, sign up for one.

Install Splunk

Splunk provides graphical installers for the Windows and Mac OS X platforms, though you can also install using the command line interface, or CLI.

For command line instructions and installations on other platforms, see the detailed installation procedures in the Installation manual.


1. To start the installer, double-click the splunk.msi file.

2. In the Welcome panel, click Next.

3. Read the licensing agreement and check the box next to "I accept the terms in the license agreement". Click Next to continue installing.

4. In the Customer Information, enter the requested details and click Next.

5. In the Destination Folder panel, click Change... to specify a different location to install Splunk, or click Next to accept the default value.

Splunk is installed by default into the \Program Files\Splunk directory.

The Logon Information panel is displayed.

6. In the Logon Information panel, select Local system user and click Next.

If you want to learn about the other user option, refer to the detailed instructions for installing Splunk on Windows.

7. After you specify a user, the pre-installation summary panel is displayed. Click Install to proceed.

8. In the Installation Complete panel, check the boxes to Launch browser with Splunk and Create Start Menu Shortcut now.

9. Click Finish.

The installation completes, Splunk starts, and Splunk Web launches in a supported browser.

Mac OS X

1. Double-click on the DMG file.

2. In the Finder window, double-click on splunk.pkg.

The Splunk installer opens and displays the Introduction.

3. Click Continue.

4. In the Select a Destination window, choose a location to install Splunk.

  • To install in the default directory, /Applications/splunk, click on the harddrive icon.
  • To select a different location, click Choose Folder...

5. Click Continue.

The pre-installation summary displays. If you need to make changes,

  • Click Change Install Location to choose a new folder, or
  • Click Back to go back a step.

6. Click Install.

The installation will begin. It may take a few minutes.

7. When your install completes, click Finish.

The installation completes, and now you're ready to start Splunk.

Welcome to the Splunk Tutorial
Start Splunk

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7


hi Pbarbier,<br />there is a link to the Installation manual in the 2nd sentence under "Install Splunk". thanks for the suggestion!

February 3, 2011

For platforms other than Windows and Mac, why not add a pointer to the installation manual (http://www.splunk.com/base/Documentation:Installation) ?

February 1, 2011

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters