Splunk® Enterprise

Installation Manual

Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Start Splunk Enterprise for the first time

Before you begin using your new Splunk Enterprise upgrade or installation, take a few moments to make sure that the software and your data are secure. For more information, see Hardening Standards in the Securing Splunk Enterprise manual.

On Windows

You can start Splunk Enterprise on Windows using either the command line, or the Services control panel. Using the command line offers more options.

From a command prompt or PowerShell window, run the following commands:

cd <Splunk Enterprise installation directory>\bin
splunk start

(For Windows users: in subsequent examples and information, replace $SPLUNK_HOME with C:\Program Files\Splunk if you have installed Splunk in the default location. You can also add %SPLUNK_HOME% as a system-wide environment variable by using the Advanced tab in the System Properties dialog box.)

On UNIX

Use the Splunk Enterprise command-line interface (CLI):

cd <Splunk Enterprise installation directory>/bin
./splunk start

Splunk Enterprise then displays the license agreement and prompts you to accept before the startup sequence continues.

You can optionally set the SPLUNK_HOME environment variable to the Splunk Enterprise installation directory so that you can start the software as follows:

export SPLUNK_HOME=<Splunk Enterprise installation directory>
cd $SPLUNK_HOME/bin
./splunk start

Setting the environment variable lets you refer to the installation directory later without having to remember its exact location.

On Mac OS X

Start Splunk Enterprise from the Finder

  1. Double-click the Splunk icon on the Desktop to launch the helper application, entitled "Splunk's Little Helper".
  2. Click OK to allow Splunk to initialize and set up the trial license.
  3. (Optional) Click Start and Show Splunk to start Splunk Enterprise and direct your web browser to open a page to Splunk Web.
  4. (Optional) Click Only Start Splunk to start Splunk Enterprise, but not open Splunk Web in a browser.
  5. (Optional) Click Cancel to quit the helper application. This does not affect the Splunk Enterprise instance itself, only the helper application.

After you make your choice, the helper application performs the requested application and terminates. You can run the helper application again to either show Splunk Web or stop Splunk Enterprise.

The helper application can also be used to stop Splunk Enterprise if it is already running.

Start Splunk Enterprise from the command line

On macOS, the default Splunk Enterprise installation directory is /Applications/splunk.

cd <Splunk Enterprise installation directory>/bin
./splunk start

If the default management and Splunk Web ports are already in use (or are otherwise not available), Splunk Enterprise offers to use the next available ports. You can either accept this option or specify a port to use.

Other start options

To accept the license automatically when you start Splunk Enterprise for the first time, add the accept-license option to the start command:

$SPLUNK_HOME/bin/splunk start --accept-license

The startup sequence displays:

Splunk> All batbelt. No tights.

Checking prerequisites...
	Checking http port [8000]: open
	Checking mgmt port [8089]: open
	Checking appserver port [127.0.0.1:8065]: open
	Checking kvstore port [8191]: open
	Checking configuration...  Done.
	Checking critical directories...	Done
	Checking indexes...
		Validated: _audit _blocksignature _internal _introspection _thefishbucket history main msad msexchange perfmon sf_food_health sos sos_summary_daily summary windows wineventlog winevents
	Done
	Checking filesystem compatibility...  Done
	Checking conf files for problems...
	Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://localhost:8000

There are two other start options: no-prompt and answer-yes:

  • If you run $SPLUNK_HOME/bin/splunk start --no-prompt, Splunk Enterprise proceeds with startup until it requires you to answer a question. Then, it displays the question, why it is quitting, and quits.
  • If you run SPLUNK_HOME/bin/splunk start --answer-yes, Splunk Enterprise proceeds with startup and automatically answers "yes" to all yes/no questions. It displays the question and answer as it continues.

If you run start with all three options in one line, for example:

$SPLUNK_HOME/bin/splunk start --answer-yes --no-prompt --accept-license
  • Splunk does not ask you to accept the license.
  • Splunk answers yes to any yes/no question.
  • Splunk quits when it encounters a non-yes/no question.

Change where and how Splunk Enterprise starts

To learn how to change system environment variables that control how Splunk Enterprise starts and operates, see "Set or change environment variables" in the Admin manual.

Launch Splunk Web

With a supported web browser, navigate to:

http://<host name or ip address>:8000

Use whatever host and port you chose during installation.

The first time you log in to Splunk Enterprise, the default login details are:
Username - admin
Password - changeme

Last modified on 16 February, 2018
Run Splunk Enterprise as a different or non-root user   What happens next?

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters