Start and stop Splunk
This topic provides brief instructions for starting Splunk.
Start Splunk on Windows
On Windows, Splunk is installed by default into
C:\Program Files\Splunk. Many examples in the Splunk documentation use
$SPLUNK_HOME to indicate the Splunk installation, or home, directory. You can replace the string
$SPLUNK_HOME (and the Windows variant
C:\Program Files\Splunk if you installed Splunk into the default directory.
You can start and stop Splunk on Windows in one of the following ways:
1. Start and stop Splunk processes via the Windows Services control panel (accessible from
Start -> Control Panel -> Administrative Tools -> Services)
- Server daemon:
- Web interface:
2. Start and stop Splunk services from a command prompt by using the
NET START <service> or
NET STOP <service> commands:
- Server daemon:
- Web interface:
3. Start, stop, and restart both processes at once by going to
%SPLUNK_HOME%\bin and typing
> splunk [start|stop|restart]
Start Splunk on UNIX
From a shell prompt on the Splunk server host, run this command:
# splunk start
NB: If you have Configured Splunk to start at boot time you should start Splunk using the service command. This will ensure Splunk is started by the user configured in the init.d script.
# service splunk start
This starts both
splunkd (indexer and other back-end processes) and
splunkweb (the Splunk Web interface). To start them individually, type:
# splunk start splunkd
# splunk start splunkweb
startwebserver is disabled in
web.conf, manually starting
splunkweb does not override that setting. If it is disabled in the configuration file, it will not start.
To restart Splunk (
# splunk restart
# splunk restart splunkd
# splunk restart splunkweb
To shut down Splunk, run this command:
# splunk stop
splunkd and Splunk Web individually, type:
# splunk stop splunkd
# splunk stop splunkweb
Check if Splunk is running
To check if Splunk is running, type this command at the shell prompt on the server host:
# splunk status
You should see this output:
splunkd is running (PID: 3162). splunk helpers are running (PIDs: 3164). splunkweb is running (PID: 3216).
Note: On Unix systems, you must be logged in as the user who runs Splunk to run the
splunk status command. Other users cannot read the necessary files to report status correctly.
splunk status decides that the service is running it will return the status code 0, or success. If
splunk status determines that the service is not running it will return the Linux Standard Base value for a non-running service, 3. Other values likely indicate
splunk status has encountered an error.
You can also use
ps to check for running Splunk processes:
# ps aux | grep splunk | grep -v grep
Solaris users, type
-ef instead of
# ps -ef | grep splunk | grep -v grep
Restart Splunk from Splunk Web
You can also restart Splunk from Splunk Web:
1. Navigate to System > Server controls.
2. Click Restart Splunk.
This will restart both the
Customize the CLI login banner
Configure Splunk Enterprise to start at boot time
This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14