Before you start the tutorial
Before you can begin to use Splunk, you need to download, install, and start up a Splunk instance. Hey, no worries -- this only takes about 5 minutes!
If you already have access to a running Splunk server, skip down to Add data to Splunk and start there.
Do you have what it takes to run Splunk?
Splunk runs on most computing platforms, but this tutorial will focus specifically on the Windows and Mac OS X versions of Splunk. Of course, whatever platform you choose to run it on, it's still Splunk, and you should be able to follow along from Start Splunk onwards.
While Splunk is software that you install on your local machine, you access Splunk through a Web browser. Splunk supports most versions of Firefox, Internet Explorer, and Safari.
Splunk is a high-performance application, but for this tutorial, you really only need an individual Windows or Mac machine that meets at least the following specifications:
| Platform | Minimum supported hardware capacity |
|---|---|
| Non-Windows platforms | 1x1.4 GHz CPU, 1 GB RAM |
| Windows platforms | Pentium 4 or equivalent at 2 GHz, 2 GB RAM |
For the complete list of specifications, see the system requirements in the Installation manual.
Which license is for you?
Splunk runs with either an Enterprise license or a Free license. When you download Splunk for the first time, you get an Enterprise trial license that expires after 60 days. This trial license enables 500 MB/day indexing and all of the Enterprise features.
Once you install Splunk, you can run with the Enterprise trial license until it expires, switch to the perpetual Free license (it's included!), or purchase an Enterprise license.
Read more about Splunk licenses and features.
The Windows installer is an MSI file. There are two Mac OS X installers; for this tutorial, you'll use the DMG package.
Download the latest version of Splunk from the download page.
Log in to Splunk.com to download Splunk. If you're not logged in, clicking the download package will redirect you to a registration form. If you don't already have a Splunk.com account, sign up for one.
Splunk provides graphical installers for the Windows and Mac OS X platforms, though you can also install using the command line interface, or CLI.
For command line instructions and installations on other platforms, see the detailed installation procedures in the Installation manual.
Windows
1. To start the installer, double-click the
2. In the Welcome panel, click Next.
3. Read the licensing agreement and check the box next to "I accept the terms in the license agreement". Click Next to continue installing.
4. In the Customer Information panel, enter the requested details and click Next.
5. In the Destination Folder panel, click Change... to specify a different location to install Splunk, or click Next to accept the default value.
Splunk is installed by default into the \Program Files\Splunk directory.
The Logon Information panel is displayed.
6. In the Logon Information panel, select Local system user and click Next.
If you want to learn about the other user option, refer to the detailed instructions for installing Splunk on Windows.
7. After you specify a user, the pre-installation summary panel is displayed. Click Install to proceed.
8. In the Installation Complete panel, check the boxes to Launch browser with Splunk and Create Start Menu Shortcut now.
9. Click Finish.
The installation completes, Splunk starts, and Splunk Web launches in a supported browser.
Mac OS X
1. Double-click on the DMG file.
2. In the Finder window, double-click on splunk.pkg.
The Splunk installer opens and displays the Introduction.
3. Click Continue.
4. In the Select a Destination window, choose a location to install Splunk.
- To install in the default directory, /Applications/splunk, click on the hard drive icon.
- To select a different location, click Choose Folder...
5. Click Continue.
The pre-installation summary displays. If you need to make changes,
- Click Change Install Location to choose a new folder, or
- Click Back to go back a step.
6. Click Install.
The installation will begin. It may take a few minutes.
7. When your install completes, click Finish.
The installation completes, and now you're ready to start Splunk.
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7