Splunk® Enterprise

Search Tutorial

This documentation does not apply to the most recent version of Splunk.

Start Splunk Enterprise and launch Splunk Web

You downloaded and installed Splunk Enterprise. This topic explains how to start Splunk Enterprise and launch Splunk Web.

About starting Splunk Enterprise

When you start Splunk Enterprise, you start two processes, splunkd and splunkweb.

  • splunkd is a distributed C/C++ server that accesses, processes, and indexes streaming machine data and handles search requests.
  • splunkweb is a Python-based application server that provides the Splunk Web interface that you use to search and navigate your machine data and manage your Splunk deployment.

After you start Splunk Enterprise, accept the license agreement and use a supported web browser to access Splunk Web.

Start Splunk Enterprise on Windows

After the Windows installation finishes, Splunk Enterprise starts and launches Splunk Web in a supported browser. If Splunk Enterprise did not start, you have the following options:

  • Start Splunk Enterprise from the Start menu.
  • Use the Windows Services Manager to start and stop splunkd and splunkweb.
  • Open a cmd window, go to \Program Files\Splunk\bin, and type
> splunk start

Start Splunk Enterprise on Linux

After you install Splunk Enterprise, use the Splunk CLI to start it. Simplify CLI access by adding a SPLUNK_HOME environment variable for the top-level installation directory and adding $SPLUNK_HOME/bin to your shell's path.

If you installed in the default location for Linux, your export path should look like this:

# export SPLUNK_HOME=/opt/splunk
# export PATH=$SPLUNK_HOME/bin:$PATH

For information on how to access the CLI, see "About the CLI" in the Admin manual.

To start Splunk:

1. Type:

$SPLUNK_HOME/bin/splunk start

Accept the Splunk Enterprise License

After you run the start command, Splunk Enterprise displays the license agreement and prompts you to accept the license before the startup sequence continues.

If you have problems starting Splunk Enterprise, see "Start Splunk Enterprise for the first time" in the Installation manual.

Other commands you might need

If you need to stop, restart, or check the status of your Splunk Enterprise server, use these CLI commands:

$ splunk stop
$ splunk restart
$ splunk status

Start Splunk Enterprise on Mac OS X

In Mac OS X, you can start Splunk Enterprise from the Finder.

1. Double-click the Splunk icon on the Desktop to launch the Splunk helper application, entitled "Splunk's Little Helper".

The first time you run the helper application, it notifies you that it needs to perform a brief initialization.

2. Click OK to allow Splunk to initialize and set up the trial license.

After the helper application loads, it displays a dialog box with several options:

  • Start and Show Splunk: This option starts Splunk Enterprise and directs your web browser to open a page to Splunk Web.
  • Only Start Splunk: This option starts Splunk Enterprise, but does not open Splunk Web in a browser.
  • Cancel: Tells the helper application to quit. This action does not affect the Splunk Enterprise instance itself, only the helper application.

After you make your choice, the helper application performs the requested action and stops. Run the helper application again to either show Splunk Web or stop Splunk Enterprise.

Use the helper application to stop Splunk Enterprise if it is running.

Launch Splunk Web

At the end of the startup sequence, Splunk gives you a message about where to access Splunk Web:

The Splunk Web interface is at http://localhost:8000

Splunk Web runs by default on port 8000 of the host on which it is installed. If you use Splunk on your local machine, the URL to access Splunk Web is http://localhost:8000.

If you use an Enterprise license, when you launch Splunk Enterprise for the first time, this login screen appears. Follow the message to authenticate with the default credentials.

[Screenshot: Splunk Enterprise 6.1 first-time login screen]

If you are using a Free license, you do not need to authenticate to use Splunk Enterprise. In this case, when you start Splunk Enterprise you do not see this login screen. Instead, you go directly to Splunk Home or whatever is set as the default app for your account.

When you sign in with your default password, Splunk asks you to create a new password. You can either skip this or change your password to continue.

The first page you see is Splunk Home.
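
A post-start check for the startup message described above, added here as an example (not Splunk's own code): it extracts the announced Splunk Web URL and reports whether a login through it, including the first login with the default credentials, stays on the loopback interface or crosses the network over cleartext HTTP. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample text are constructed.

# Read startup output on stdin and print the URL from the line
# "The Splunk Web interface is at <URL>" (last match wins).
splunk_web_url() {
    sed -n 's/^.*The Splunk Web interface is at \([^[:space:]]*\).*$/\1/p' | tail -n 1
}

# Print "<scheme> <host> <port> <verdict>" for a URL.
#   loopback          login traffic stays on this machine
#   network-tls       login crosses the network inside TLS
#   network-cleartext login (and the password) crosses the network unencrypted
classify_web_url() {
    url=$1
    [ -n "$url" ] || { echo "no Splunk Web URL found" >&2; return 1; }
    scheme=${url%%://*}
    rest=${url#*://}
    hostport=${rest%%/*}
    case $hostport in
        *']') host=$hostport; port=default ;;          # bare IPv6 literal, no port
        *:*)  host=${hostport%:*}; port=${hostport##*:} ;;
        *)    host=$hostport; port=default ;;
    esac
    case $host in
        localhost|127.*|'[::1]') verdict=loopback ;;
        *) if [ "$scheme" = https ]; then verdict=network-tls
           else verdict=network-cleartext; fi ;;
    esac
    printf '%s %s %s %s\n' "$scheme" "$host" "$port" "$verdict"
}

# Constructed sample: only the last line is taken from the page.
SAMPLE_OUTPUT='Starting services (constructed sample text)
The Splunk Web interface is at http://localhost:8000'

classify_web_url "$(printf '%s\n' "$SAMPLE_OUTPUT" | splunk_web_url)"
```

The verdict describes the URL you browse to, not which interfaces the listener is bound to; a `loopback` result says nothing about whether port 8000 is also reachable from other hosts.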

Next steps

This completes Part 1 of the Search Tutorial. Continue to Part 2: Getting started with Splunk.


This documentation applies to the following versions of Splunk® Enterprise: 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12
