When you start Splunk, you're starting up two processes on your host,
splunkdis a distributed C/C++ server that accesses, processes and indexes streaming IT data and handles search requests.
splunkwebis a Python-based application server that provides the Splunk Web interface that you use to search and navigate your IT data and manage your Splunk deployment.
To start Splunk on Windows, you have three options:
- start Splunk from the Start menu.
- use the Windows Services Manager to start and stop
- open a cmd window and go to \Program Files\Splunk\bin and type
> splunk start
Mac OS X
Open a terminal or shell to access the CLI. Go to
/Applications/splunk/bin/, and type:
$ ./splunk start
If you have administrator or root privileges you can simplify CLI usage by setting a Splunk environment variable. For more information about how to do this, read "About the CLI" in the Admin manual.
Accept the Splunk license
After you run the start command, Splunk displays the license agreement and prompts you to accept the license before the startup continues.
After you accept the license, the startup sequence displays. At the very end, Splunk tells you where to access Splunk Web:
The Splunk Web interface is at http://localhost:8000
If you run into any problems starting up Splunk, see Start Splunk for the first time in the Installation manual.
Other commands you might need
If you need to stop, restart, or check the status of your Splunk server, use these CLI commands:
$ splunk stop $ splunk restart $ splunk status
Launch Splunk Web
Splunk's interface runs as a Web server and after starting up, Splunk tells you where the Splunk Web interface is. Open a browser and navigate to that location.
Splunk Web runs by default on port 8000 of the host on which it's installed. If you are using Splunk on your local machine, the URL to access Splunk Web is http://localhost:8000.
If you are using an Enterprise license, launching Splunk for the first time takes you to this login screen. Follow the message to authenticate with the default credentials:
If you are using a Free license, you do not need to authenticate to use Splunk. In this case, when you start up Splunk you won't see this login screen. Instead, you will be taken directly to Splunk Home or whatever is set as the default app for your account.
When you sign in with your default password, Splunk asks you to create a new password.
You can either Skip this or change your password to continue.
Welcome to Splunk
When you log into Splunk for the first time, you should see Splunk Home. This app is designed to help you get started using Splunk. Before you can start using Splunk, you need to add some data.
The Welcome tab includes quick links to:
- Add data: this takes you to the interface where you can define data inputs.
- Launch search app: this takes you to Splunk's search interface, where you can start searching your data.
Use the system navigation bar at the upper right corner to access any apps (under App) and configuration pages (in Manager) for your Splunk server. This system bar is available in every Splunk page, though not all of the same options will be there.
When you're ready, proceed to the next topic in this tutorial to Add data to Splunk.
Before you start the tutorial
Add data to Splunk
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7