Splunk® Enterprise

Installation Manual

Download manual as PDF

Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Start Splunk for the first time

Important:

Before you begin using your new Splunk upgrade or installation, you should take a few moments to make sure that Splunk and your data are secure. For more information, read "Secure your Splunk Enterprise installation."

To start Splunk:

On Windows

You can start Splunk on Windows using either the command line, or the Windows Services Manager. Using the command line offers more options, described later in this section. In a cmd window, go to C:\Program Files\Splunk\bin and type:

splunk start

(For Windows users: in subsequent examples and information, replace $SPLUNK_HOME with C:\Program Files\Splunk if you have installed Splunk in the default location. You can also add %SPLUNK_HOME% as a system-wide environment variable by using the System Properties dialog's Advanced tab.)

On UNIX

Use the Splunk command-line interface (CLI):

$SPLUNK_HOME/bin/splunk start

Splunk then displays the license agreement and prompts you to accept before the startup sequence continues.

On Mac OS X

Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify.

Start Splunk from the Finder

To start Splunk from the Finder, double-click the Splunk icon on the Desktop to launch the Splunk helper application, entitled "Splunk's Little Helper".

Note: The first time you run the helper application, it notifies you that it needs to perform a brief initialization. Click OK to allow Splunk to initialize and set up the trial license.

Once the helper application loads, it displays a dialog that offers several choices:

  • Start and Show Splunk: This option starts Splunk and directs your web browser to open a page to Splunk Web.
  • Only Start Splunk: This choice starts Splunk, but does not open Splunk Web in a browser.
  • Cancel: Tells the helper application to quit. This does not affect the Splunk instance itself, only the helper application.

Once you make your choice, the Splunk helper application performs the requested application and terminates. You can run the helper application again to either show Splunk Web or stop Splunk.

The Splunk helper application can also be used to stop Splunk if it is already running.

Start Splunk from the command line

To start Splunk from the command line interface, run the following command from $SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk, by default /Applications/splunk):

 ./splunk start

Other start options

To accept the license automatically when you start Splunk for the first time, add the accept-license option to the start command:

$SPLUNK_HOME/bin/splunk start --accept-license

The startup sequence displays:

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Verifying configuration.  This may take a while...
Finished verifying configuration.
Checking index directory...
Verifying databases...
Verified databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sampledata, splunklogger, summary
Checking index files
All index checks passed.
All preliminary checks passed.
Starting splunkd...
Starting splunkweb...
Splunk Server started. 
The Splunk web interface is at http://<hostname>:8000 

Note: If the default ports are already in use (or are otherwise not available), Splunk will offer to use the next available port. You can either accept this option or specify a port for Splunk to use.

There are two other start options: no-prompt and answer-yes:

  • If you run $SPLUNK_HOME/bin/splunk start --no-prompt, Splunk proceeds with startup until it requires you to answer a question. Then, it displays the question, why it is quitting, and quits.
  • If you run SPLUNK_HOME/bin/splunk start --answer-yes, Splunk proceeds with startup and automatically answers "yes" to all yes/no questions. Splunk displays the question and answer as it continues.

If you run start with all three options in one line, for example:

$SPLUNK_HOME/bin/splunk start --answer-yes --no-prompt --accept-license
  • Splunk does not ask you to accept the license.
  • Splunk answers yes to any yes/no question.
  • Splunk quits when it encounters a non-yes/no question.

Start and disable individual processes

You can start and stop individual Splunk processes by adding the process as an object to the start command. The objects include:

  • splunkd, the Splunk server daemon.
  • splunkweb, Splunk's Web interface process.

For example, to start only splunkd:

$SPLUNK_HOME/bin/splunk start splunkd

To disable splunkweb:

$SPLUNK_HOME/bin/splunk disable webserver

For more information about start, refer to the CLI help page:

$SPLUNK_HOME/bin/splunk help start

Launch Splunk Web

Navigate to:

http://mysplunkhost:8000

Use whatever host and port you chose during installation.

The first time you log in to Splunk Enterprise, the default login details are:
Username - admin
Password - changeme

Splunk Free does not have access controls.

PREVIOUS
Run Splunk as a different or non-root user
  NEXT
What happens next?

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18


Comments

Hi,<br /><br />You receive this message on a brand new installation? My suggestion would be to uninstall and reinstall again.

Malmoore
November 11, 2013

I am not able to log in with the first time credentials. Its saying invalid username and password. Please help me

Splunklab2013
November 10, 2013

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters