Splunk® Enterprise

Installation Manual

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Install on FreeBSD

Splunk Enterprise for FreeBSD comes in two forms: an installer (5.4-intel) and a tar file (i386). Both are gzipped tar (.tgz) files.

Upgrading?

If you are upgrading, review "How to upgrade Splunk Enterprise" for instructions and migration considerations before proceeding.

Prerequisites

For FreeBSD 8, Splunk Enterprise requires compatibility packages. To install the compatibility package:

1. Install the port:

portsnap fetch update

cd /usr/ports/misc/compat7x/ && make install clean

2. Add the package:

pkg_add -r compat7x-amd64

Basic install

To install Splunk Enterprise for FreeBSD using the intel installer:

pkg_add splunk_package_name-6.1-intel.tgz

Important: This installs Splunk Enterprise in the default directory, /opt/splunk. If /opt does not exist, you will need to create it prior to running the install command. If you don't, you might receive an error message. Splunk recommends that you create a symbolic link to another filesystem and install Splunk there, because FreeBSD best practices maintain a small root ("/") filesystem.

To install Splunk Enterprise in a different directory:

pkg_add -v -p /usr/splunk splunk_package_name-6.1-intel.tgz

The FreeBSD package system does not have native upgrade support. There are some add-on utilities which try to manage it, but this is not explicitly tested. To upgrade a package on FreeBSD you can either uninstall the prior package, and install the new package, or you can upgrade the existing installation using a tar file install as below.

tar file install

To install Splunk Enterprise on a FreeBSD system with a tar file, expand the file into an appropriate directory using the tar command:

tar xvzf splunk_package_name.tgz

The default install directory is splunk in the current working directory. To install into /opt/splunk, use the following command:

tar xvzf splunk_package_name.tgz -C /opt

Note: When you install Splunk Enterprise with a tar file:

  • Some non-GNU versions of tar might not have the -C argument available. In this case, if you want to install in /opt/splunk, either cd to /opt or place the tar file in /opt before running the tar command. This method will work for any accessible directory on your machine's filesystem.
  • Splunk Enterprise does not create the splunk user automatically. If you want Splunk Enterprise to run as a specific user, you must create the user manually before installing.
  • Ensure that the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

After you install

To ensure that Splunk Enterprise functions properly on FreeBSD, you must:

1. Add the following to /boot/loader.conf

kern.maxdsiz="2147483648" # 2GB
kern.dfldsiz="2147483648" # 2GB
machdep.hlt_cpus=0 

2. Add the following to /etc/sysctl.conf:

vm.max_proc_mmap=2147483647

You must restart FreeBSD for the changes to effect.

If your server has less than 2 GB of memory, reduce the values accordingly.

What gets installed

To see the list of Splunk Enterprise packages:

pkg_info -L splunk

To list all packages:

pkg_info

Start Splunk Enterprise

Splunk Enterprise can run as any user on the local system. If you run it as a non-root user, make sure that it has the appropriate permissions to read the inputs that you specify.

To start Splunk Enterprise from the command line interface, run the following command from $SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk Enterprise):

 ./splunk start

By convention, this document uses:

  • $SPLUNK_HOME to identify the path to your Splunk Enterprise installation.
  • $SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Startup options

The first time you start Splunk Enterprise after a new installation, you must accept the license agreement. To start Splunk Enterprise and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

Launch Splunk Web and log in

After you start Splunk Enterprise and accept the license agreement,

1. In a browser window, access Splunk Web at

http://<hostname>:port
  • hostname is the host machine.
  • port is the port you specified during the installation (the default port is 8000).

2. Splunk Web prompts you for login information (default, username admin and password changeme) before it launches. If you switch to Splunk Free, you will bypass this logon page in future sessions.

What's next?

Now that you've installed Splunk Enterprise, what comes next?

Uninstall Splunk Enterprise

To learn how to uninstall Splunk Enterprise, read "Uninstall Splunk Enterprise" in this manual.

PREVIOUS
Install on Mac OS X
  NEXT
Install on AIX

This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters