Splunk® Enterprise

Installation Manual

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Install on Solaris

You can install Splunk Enterprise on Solaris with a PKG packages, or a tar file.

Upgrading?

If you are upgrading, review "How to upgrade Splunk" for instructions and migration considerations before proceeding.

Install Splunk

Splunk Enterprise for Solaris is available as a PKG file or a tar file.

PKG file install

The PKG installation package includes a request file that prompts you to answer a few questions before Splunk installs.

pkgadd -d ./splunk_product_name.pkg

A list of the available packages is displayed.

  • Select the packages you wish to process (the default is "all").

The installer then prompts you to specify a base installation directory.

  • To install into the default directory, /opt/splunk, leave this blank.

PKG file upgrade

To upgrade an existing Splunk Enterprise installation using a PKG file, you should use the instance parameter, either in the system's default package installation configuration file (/var/sadm/install/admin/default) or in a custom configuration file that you define and call.

In the default or custom configuration file, set instance=overwrite. This will prevent the upgrade from creating a second splunk package (with instance=unique), or failing (with instance=quit). For information about the instance parameter, see the Solaris man page (man -s4 admin).

To upgrade Splunk Enterprise using the system's default package installation file, use the same command line as you would for a fresh install.

pkgadd -d  ./splunk_product_name.pkg

The installer prompts you to overwrite any changed files, answer yes to every one.

To upgrade using a custom configuration file, type:

pkgadd -a conf_file -d ./splunk_product_name.pkg

To run the upgrade silently (and not have to answer yes for every file overwrite), type:

pkgadd -n -d  ./splunk_product_name.pkg

tar file install

To install Splunk Enterprise on a Solaris system, expand the tar file into an appropriate directory using the tar command:

tar xvzf splunk_package_name.tar.Z

The default install directory is splunk in the current working directory. To install into /opt/splunk, use the following command:

tar xvzf splunk_package_name.tar.Z -C /opt

Note: When you install Splunk Enterprise with a tar file:

  • Some non-GNU versions of tar might not have the -C argument available. In this case, if you want to install in /opt/splunk, either cd to /opt or place the tar file in /opt before running the tar command. This method will work for any accessible directory on your machine's filesystem.
  • If the gzip binary is not present on your system, you can use the uncompress command instead.
  • Splunk Enterprise does not create the splunk user automatically. If you want it to run as a specific user, you must create the user manually before installing.
  • Ensure that the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

What gets installed

Splunk package info:

pkginfo -l splunk

List all packages:

pkginfo

Start Splunk

Splunk Enterprise can run as any user on the local system. If you run it as a non-root user, make sure that it has the appropriate permissions to read the inputs that you specify. For more information, refer to the instructions on running Splunk as a non-root user.

To start Splunk Enterprise from the command line interface, run the following command from $SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk):

 ./splunk start

By convention, the Splunk documentation uses:

  • $SPLUNK_HOME to identify the path to your Splunk installation.
  • $SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Startup options

The first time you start Splunk Enterprise after a new installation, you must accept the license agreement. To start Splunk Enterprise and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

Launch Splunk Web and log in

After you start Splunk Enterprise and accept the license agreement,

1. In a browser window, access Splunk Web at http://mysplunkhost:port, where:

  • mysplunkhost is the host machine.
  • port is the port you specified during the installation (8000).

2. Splunk Web prompts you for login information (default, username admin and password changeme) before it launches. If you switch to Splunk Free, you will bypass this logon page in future sessions.

What's next?

Now that you've installed Splunk Enterprise, what comes next?

Uninstall Splunk Enterprise

To learn how to uninstall Splunk Enterprise, read "Uninstall Splunk Enterprise" in this manual.

PREVIOUS
Install on Linux
  NEXT
Install on Mac OS X

This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14


Comments

Charden, the Solaris 11 package will soon be available for download. The Splunk Answer, http://answers.splunk.com/answers/179876/is-it-possible-to-get-splunk-version-62-as-solaris.html, provides additional information.

Andrewb splunk
October 30, 2014

On the download page for Splunk 6.2 there is no Solaris 11 Sparc package download file. Is Splunk going to provide a Solaris 11 Sparc package for Splunk 6.2?

Charden
October 28, 2014

I have also run in to an additional issue. Do to the way security is set up on my servers I am unable to download the tar balls directly to my servers but have to pull them to my laptop then transfer them to the server.<br />Windows by default downloads the files as tar.z instead of tar.Z making it impossible to uncompress because they are unrecognizable as zipped files. Make sure you modify the "save as" to a capital Z instead of the lower case z before downloading.

Sw5269
October 16, 2014

Hi Ahattrell,<br /><br />I've updated the section.

Malmoore, Splunker
March 26, 2013

The tar files for solaris are compressed as .Z files rather than gz. You should still be able to uncompress them with gzip - but it might be worth mentioning you can use the uncompress command if gzip is not installed.

Ahattrell splunk, Splunker
March 26, 2013

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters