Splunk® Enterprise

Installation Manual

Download manual as PDF

Splunk Enterprise version 6.x is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Install on AIX

You can install Splunk Enterprise on AIX using a tar file.

Important: The user Splunk is installed as must have permission to read /dev/random and /dev/urandom or the installation will fail.


If you are upgrading, review "How to upgrade Splunk Enterprise" for instructions and migration considerations before proceeding.

Install Splunk Enterprise

The AIX install comes in tar file form.

When you install with the tar file:

  • Splunk Enterprise does not create the splunk user automatically. If you want Splunk Enterprise to run as a specific user, you must create the user manually.
  • Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.
  • We recommend you use GNU tar to unpack the tar files, as AIX tar can fail to unpack long file names, fail to overwrite files, and other problems. If you must use the system tar, be sure to check the output for error messages.

To install Splunk Enterprise on an AIX system, expand the tar file into an appropriate directory. The default install directory is /opt/splunk.

For AIX 5.3, check to make sure your service packs are up to date. Splunk Enterprise requires the following service level:

$ oslevel -r

Start Splunk Enterprise

Splunk Enterprise can run as any user on the local system. If you run it as a non-root user, make sure that it has the appropriate permissions to read the inputs that you specify. Refer to the instructions for running Splunk Enterprise as a non-root user for more information.

To start Splunk Enterprise from the command line interface, run the following command from $SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk):

 ./splunk start

By convention, this document uses:

  • $SPLUNK_HOME to identify the path to your Splunk installation.
  • $SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Enable automatic starting of Splunk Enterprise at boot time

The AIX version of Splunk does not register itself to auto-start on reboot. However, you can do so by running the following command from the $SPLUNK_HOME/bin directory at a prompt:

./splunk enable boot-start

This command invokes the following system commands to register Splunk Enterprise and Splunk Web in the System Resource Controller (SRC):

mkssys -G splunk -s splunkd -p <path to splunkd> -u <splunk user> -a _internal_exec_splunkd -S -n 2 -f 9
mkssys -G splunk -s splunkweb -p <path to python> -u <splunk user> -a _internal_exec_splunkweb -S -n 15 -f 9

When you enable automatic boot start, the SRC handles the run state of the Splunk Enterprise service. This means that you must use a different command to start and stop Splunk Enterprise manually:

  • /usr/bin/startsrc -s splunkd to start Splunk Enterprise.
  • /usr/bin/stopsrc -s splunkd to stop Splunk Enterprise.

If you attempt to start and stop Splunk Enterprise using the ./splunk [start|stop] method from the $SPLUNK_HOME directory, the SRC catches the attempt and Splunk Enterprise displays the following message:

Splunk boot-start is enabled. Please use /usr/bin/[startsrc|stopsrc] -s splunkd to [start|stop] Splunk.

To prevent this message from occurring and restore the ability to start and stop Splunk Enterprise from the $SPLUNK_HOME directory, disable boot start:

./splunk disable boot-start

Startup options

The first time you start Splunk Enterprise after a new installation, you must accept the license agreement. To start Splunk Enterprise and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

For more information, refer to "Splunk Enterprise startup options" in this manual.

Launch Splunk Web and log in

After you start Splunk Enterprise and accept the license agreement,

1. In a browser window, access Splunk Web at

  • hostname is the host machine.
  • port is the port you specified during the installation (the default port is 8000).

2. Splunk Web prompts you for login information (default, username admin and password changeme) before it launches. If you switch to Splunk Free, you will bypass this logon page in future sessions.

What's next?

Now that you've installed Splunk Enterprise, what comes next?

Uninstall Splunk Enterprise

To learn how to uninstall Splunk Enterprise, read "Uninstall Splunk Enterprise" in this manual.

Install on FreeBSD
Install on HP-UX

This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters