Install on Windows
This topic describes the procedure for installing Splunk on Windows with the Graphical User Interface (GUI)-based installer. More options (such as silent installation) are available if you install from the command line.
Important: Running the 32-bit version of Splunk for Windows on a 64-bit Windows system is not recommended. If you attempt to run the 32-bit installer on a 64-bit system, the installer will warn you of this.
If you can run 64-bit Splunk on 64-bit hardware, we strongly recommend it. The performance is greatly improved over the 32-bit version.
Note: If you want to install the Splunk universal forwarder, see the Distributed Deployment manual: "Universal forwarder deployment overview". Unlike Splunk heavy and light forwarders, which are full Splunk instances with some features changed or disabled, the universal forwarder is an entirely separate executable, with its own set of installation procedures. For an introduction to forwarders, see "About forwarding and receiving".
If you are upgrading, review "How to upgrade Splunk" for instructions and migration considerations before proceeding.
Before you install
Choose the Windows user Splunk should run as
Before installing, be sure to read "Choose the Windows user Splunk should run as" to determine which user account Splunk should run as to address your specific needs. The user you choose has specific ramifications on what you need to do prior to installing the software, and more details can be found there.
Splunk for Windows and anti-virus software
Splunk's indexing subsystem requires lots of disk throughput. Any software with a device driver that intermediates between Splunk and the operating system can rob Splunk of processing power, causing slowness and even an unresponsive system. This includes anti-virus software.
It's extremely important to configure such software to avoid on-access scanning of Splunk installation directories and processes, before starting a Splunk installation.
Install Splunk via the GUI installer
The Windows installer is an MSI file.
1. To start the installer, double-click the
The installer runs and displays the Welcome panel.
2. To begin the installation, click Next.
Note: On each panel, you can click Next to continue, Back to go back a step, or Cancel to cancel the installation and quit the installer.
The installer displays the licensing panel.
3. Read the licensing agreement and select "I accept the terms in the license agreement". Click Next to continue installing.
The installer displays the Destination Folder panel.
Note: By default, Splunk gets installed into
\Program Files\Splunk on the system drive. Splunk's installation directory is referred to as
%SPLUNK_HOME% throughout this documentation set.
4. Click Change... to specify a different location to install Splunk, or click Next to accept the default value.
The installer displays the Logon Information panel.
Splunk installs and runs two Windows services,
splunkweb. These services install and run as the user you specify on this panel. You can choose to run Splunk as the Local System user, or another user.
Important: If you choose to run Splunk as another user, that user must:
- Be a member of an Active Directory domain (you cannot install Splunk as a local machine account other than the Local System account)
- Have local administrator privileges on the machine which you are performing the installation, and
- Have specific user rights, and other additional permissions, depending on the kinds of data you want to collect from remote machines.
Read "Choose the Windows user Splunk should run as" for additional information on these permissions and rights requirements.
If you have not read the above linked topic beforehand, then stop the installation now and read that topic first.
5. Select a user type and click Next.
If you specified the local system user, proceed to Step 7. Otherwise, the installer displays the Logon Information: specify a username and password panel.
6. Specify a username and password to install and run Splunk and click Next.
Note: This must be a valid user in your security context, and must be an active member of an Active Directory domain. Splunk must run under either the Local System account or a valid user account with a valid password and local administrator privileges.
The installer displays the installation summary panel.
7. Click Install to proceed.
The installer runs and displays the Installation Complete panel.
Caution: If you specified the wrong user during the installation procedure, you will see two pop-up error windows explaining this. If this occurs, Splunk installs itself as the local system user by default. Splunk does not start automatically in this situation. You can proceed through the final panel of the installation, but uncheck the "Launch browser with Splunk" checkbox to prevent your browser from launching. Then, use these instructions to switch to the correct user before starting Splunk.
8. If desired, check the boxes to Launch browser with Splunk and Create Start Menu Shortcut now. Click Finish.
The installation completes, Splunk starts, and Splunk Web launches in a supported browser if you checked the appropriate box.
Note: The first time you access Splunk Web after installation, login with the default username
admin and password
changeme. Do not use the username and password you provided during the installation process.
Launch Splunk in a Web browser
To access Splunk Web after you start Splunk on your machine, you can either:
- Click the Splunk icon in Start > Programs > Splunk
- Open a Web browser and navigate to
Log in using the default credentials: username:
admin and password:
The first time you log into Splunk successfully, you'll be prompted right away to change your password. You can do so by entering a new password and clicking the Change password button, or you can do it later by clicking the Skip button.
Note: If you do not change your password, remember that anyone who has access to the machine can access your Splunk instance. Be sure to change the admin password as soon as possible and make a note of what you changed it to.
Avoid IE Enhanced Security pop-ups
If you're using Internet Explorer to access Splunk, add the following URLs to the allowed Intranet group or fully trusted group to avoid getting "Enhanced Security" pop-ups:
- the URL of your Splunk instance
Change the Splunk Web or splunkd service ports
If you want the Splunk Web service or the splunkd service to use a different port, you can change the defaults.
To change the splunk web service port:
- Open a command prompt.
- Change to the
- Type in
splunk set web-port ####and press Enter.
To change the splunkd port:
- Open a command prompt, if one isn't already.
- Change to the
- Type in
splunk set splunkd-port ####and press Enter.
Note: If you specify a port and that port is not available, or if the default port is unavailable, Splunk will automatically select the next available port.
Install or upgrade license
If you are performing a new installation of Splunk or switching from one license type to another, you must install or update your license.
Now that you've installed Splunk, you can find out what comes next, or you can review these topics in the Getting Data In Manual for information on adding Windows data to Splunk:
Prepare your Windows network for a Splunk installation as a network or domain user
Install on Windows via the command line
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18