Splunk® Enterprise

User Manual

Download manual as PDF

Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Start Splunk

When you start Splunk, you're starting up two processes on your host, splunkd and splunkweb:

  • splunkd is a distributed C/C++ server that accesses, processes and indexes streaming IT data and handles search requests.
  • splunkweb is a Python-based application server that provides the Splunk Web interface that you use to search and navigate your IT data and manage your Splunk deployment.

Windows

To start Splunk on Windows, you have three options:

  • start Splunk from the Start menu.
  • use the Windows Services Manager to start and stop splunkd and splunkweb.
  • open a cmd window and go to \Program Files\Splunk\bin and type
> splunk start

Mac OS X

Open a terminal or shell to access the CLI. Go to /Applications/splunk/bin/, and type:

$ ./splunk start

If you have administrator or root privileges you can simplify CLI usage by setting a Splunk environment variable. For more information about how to do this, read "About the CLI" in the Admin manual.

Accept the Splunk license

After you run the start command, Splunk displays the license agreement and prompts you to accept the license before the startup continues.

After you accept the license, the startup sequence displays. At the very end, Splunk tells you where to access Splunk Web:

The Splunk Web interface is at http://localhost:8000

If you run into any problems starting up Splunk, see Start Splunk for the first time in the Installation manual.

Other commands you might need

If you need to stop, restart, or check the status of your Splunk server, use these CLI commands:

$ splunk stop
$ splunk restart
$ splunk status

Launch Splunk Web

Splunk's interface runs as a Web server and after starting up, Splunk tells you where the Splunk Web interface is. Open a browser and navigate to that location.

Splunk Web runs by default on port 8000 of the host on which it's installed. If you are using Splunk on your local machine, the URL to access Splunk Web is http://localhost:8000.

If you are using an Enterprise license, launching Splunk for the first time takes you to this login screen. Follow the message to authenticate with the default credentials:


First time login.png


If you are using a Free license, you do not need to authenticate to use Splunk. In this case, when you start up Splunk you won't see this login screen. Instead, you will be taken directly to Splunk Home or whatever is set as the default app for your account.


When you sign in with your default password, Splunk asks you to create a new password.


Password prompt.png

You can either Skip this or change your password to continue.

Welcome to Splunk

When you log into Splunk for the first time, you should see Splunk Home. This app is designed to help you get started using Splunk. Before you can start using Splunk, you need to add some data.

The Welcome tab includes quick links to:

  • Add data: this takes you to the interface where you can define data inputs.
  • Launch search app: this takes you to Splunk's search interface, where you can start searching your data.


Welcome4.3.png


Use the system navigation bar at the upper right corner to access any apps (under App) and configuration pages (in Manager) for your Splunk server. This system bar is available in every Splunk page, though not all of the same options will be there.

When you're ready, proceed to the next topic in this tutorial to Add data to Splunk.

PREVIOUS
Before you start the tutorial
  NEXT
Add data to Splunk

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters