Start Splunk for the first time
|Important security tip|
|Before you begin using your new Splunk Enterprise upgrade or installation, you should take a few moments to make sure that Splunk and your data are secure. For more information, read "Hardening Standards" in the Securing Splunk Enterprise manual.|
To start Splunk Enterprise:
You can start Splunk Enterprise on Windows using either the command line, or the Windows Services Manager. Using the command line offers more options, described later in this section. In a
cmd window, go to
C:\Program Files\Splunk\bin and type:
(For Windows users: in subsequent examples and information, replace
C:\Program Files\Splunk if you have installed Splunk in the default location. You can also add
%SPLUNK_HOME% as a system-wide environment variable by using the Advanced tab in the System Properties dialog.)
Use the Splunk Enterprise command-line interface (CLI):
Splunk Enterprise then displays the license agreement and prompts you to accept before the startup sequence continues.
On Mac OS X
Splunk Enterprise can run as any user on the local system. If you run Splunk Enterprise as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify.
Start Splunk Enterprise from the Finder
To start Splunk Enterprise from the Finder, double-click the Splunk icon on the Desktop to launch the helper application, entitled "Splunk's Little Helper".
Note: The first time you run the helper application, it notifies you that it needs to perform a brief initialization. Click OK to allow Splunk to initialize and set up the trial license.
Once the helper application loads, it displays a dialog that offers several choices:
- Start and Show Splunk: This option starts Splunk and directs your web browser to open a page to Splunk Web.
- Only Start Splunk: This choice starts Splunk, but does not open Splunk Web in a browser.
- Cancel: Tells the helper application to quit. This does not affect the Splunk Enterprise instance itself, only the helper application.
Once you make your choice, the helper application performs the requested application and terminates. You can run the helper application again to either show Splunk Web or stop Splunk Enterprise.
The helper application can also be used to stop Splunk Enterprise if it is already running.
Start Splunk Enterprise from the command line
To start Splunk Enterprise from the command line interface, run the following command from
$SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk, by default
Other start options
To accept the license automatically when you start Splunk Enterprise for the first time, add the
accept-license option to the
$SPLUNK_HOME/bin/splunk start --accept-license
The startup sequence displays:
Checking prerequisites... Checking http port : open Checking mgmt port : open Verifying configuration. This may take a while... Finished verifying configuration. Checking index directory... Verifying databases... Verified databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sampledata, splunklogger, summary Checking index files All index checks passed. All preliminary checks passed. Starting splunkd... Starting splunkweb... Splunk Server started. The Splunk web interface is at http://<hostname>:8000
Note: If the default ports are already in use (or are otherwise not available), Splunk Enterprise offers to use the next available port. You can either accept this option or specify a port to use.
There are two other
- If you run
$SPLUNK_HOME/bin/splunk start --no-prompt, Splunk Enterprise proceeds with startup until it requires you to answer a question. Then, it displays the question, why it is quitting, and quits.
- If you run
SPLUNK_HOME/bin/splunk start --answer-yes, Splunk Enterprise proceeds with startup and automatically answers "yes" to all yes/no questions. It displays the question and answer as it continues.
If you run start with all three options in one line, for example:
$SPLUNK_HOME/bin/splunk start --answer-yes --no-prompt --accept-license
- Splunk does not ask you to accept the license.
- Splunk answers yes to any yes/no question.
- Splunk quits when it encounters a non-yes/no question.
Start and disable individual processes
You can start and stop individual Splunk Enterprise processes by adding the process as an object to the
start command. The objects include:
splunkd, the Splunk server daemon.
splunkweb, The Splunk Web interface process.
For example, to start only
$SPLUNK_HOME/bin/splunk start splunkd
$SPLUNK_HOME/bin/splunk disable webserver
For more information about
start, refer to the CLI help page:
$SPLUNK_HOME/bin/splunk help start
Launch Splunk Web
Use whatever host and port you chose during installation.
The first time you log in to Splunk Enterprise, the default login details are:
Username - admin
Password - changeme
Splunk Free does not have access controls.
Run Splunk Enterprise as a different or non-root user
What happens next?
This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14