Start Splunk Enterprise for the first time
Before you begin using your new Splunk Enterprise upgrade or installation, take a few moments to make sure that the software and your data are secure. For more information, see Hardening Standards in the Securing Splunk Enterprise manual.
On Windows
You can start Splunk Enterprise on Windows using either the command line, or the Services control panel. Using the command line offers more options.
From a command prompt or PowerShell window, run the following commands:
cd <Splunk Enterprise installation directory>\bin splunk start
(For Windows users: in subsequent examples and information, replace $SPLUNK_HOME
with C:\Program Files\Splunk
if you have installed Splunk in the default location. You can also add %SPLUNK_HOME%
as a system-wide environment variable by using the Advanced tab in the System Properties dialog box.)
On UNIX
Use the Splunk Enterprise command-line interface (CLI):
cd <Splunk Enterprise installation directory>/bin ./splunk start
Splunk Enterprise then displays the license agreement and prompts you to accept before the startup sequence continues.
You can optionally set the SPLUNK_HOME
environment variable to the Splunk Enterprise installation directory so that you can start the software as follows:
export SPLUNK_HOME=<Splunk Enterprise installation directory> cd $SPLUNK_HOME/bin ./splunk start
Setting the environment variable lets you refer to the installation directory later without having to remember its exact location.
On Mac OS X
Start Splunk Enterprise from the Finder
- Double-click the Splunk icon on the Desktop to launch the helper application, entitled "Splunk's Little Helper".
- Click OK to allow Splunk to initialize and set up the trial license.
- (Optional) Click Start and Show Splunk to start Splunk Enterprise and direct your web browser to open a page to Splunk Web.
- (Optional) Click Only Start Splunk to start Splunk Enterprise, but not open Splunk Web in a browser.
- (Optional) Click Cancel to quit the helper application. This does not affect the Splunk Enterprise instance itself, only the helper application.
After you make your choice, the helper application performs the requested application and terminates. You can run the helper application again to either show Splunk Web or stop Splunk Enterprise.
The helper application can also be used to stop Splunk Enterprise if it is already running.
Start Splunk Enterprise from the command line
On macOS, the default Splunk Enterprise installation directory is /Applications/splunk
.
cd <Splunk Enterprise installation directory>/bin ./splunk start
If the default management and Splunk Web ports are already in use (or are otherwise not available), Splunk Enterprise offers to use the next available ports. You can either accept this option or specify a port to use.
Other start options
To accept the license automatically when you start Splunk Enterprise for the first time, add the accept-license
option to the start
command:
$SPLUNK_HOME/bin/splunk start --accept-license
The startup sequence displays:
Splunk> All batbelt. No tights. Checking prerequisites... Checking http port [8000]: open Checking mgmt port [8089]: open Checking appserver port [127.0.0.1:8065]: open Checking kvstore port [8191]: open Checking configuration... Done. Checking critical directories... Done Checking indexes... Validated: _audit _blocksignature _internal _introspection _thefishbucket history main msad msexchange perfmon sf_food_health sos sos_summary_daily summary windows wineventlog winevents Done Checking filesystem compatibility... Done Checking conf files for problems... Done All preliminary checks passed. Starting splunk server daemon (splunkd)... Done [ OK ] Waiting for web server at http://127.0.0.1:8000 to be available... Done If you get stuck, we're here to help. Look for answers here: http://docs.splunk.com The Splunk web interface is at http://localhost:8000
There are two other start
options: no-prompt
and answer-yes
:
- If you run
$SPLUNK_HOME/bin/splunk start --no-prompt
, Splunk Enterprise proceeds with startup until it requires you to answer a question. Then, it displays the question, why it is quitting, and quits. - If you run
SPLUNK_HOME/bin/splunk start --answer-yes
, Splunk Enterprise proceeds with startup and automatically answers "yes" to all yes/no questions. It displays the question and answer as it continues.
If you run start with all three options in one line, for example:
$SPLUNK_HOME/bin/splunk start --answer-yes --no-prompt --accept-license
- Splunk does not ask you to accept the license.
- Splunk answers yes to any yes/no question.
- Splunk quits when it encounters a non-yes/no question.
Change where and how Splunk Enterprise starts
To learn how to change system environment variables that control how Splunk Enterprise starts and operates, see "Set or change environment variables" in the Admin manual.
Launch Splunk Web
With a supported web browser, navigate to:
http://<host name or ip address>:8000
Use whatever host and port you chose during installation.
The first time you log in to Splunk Enterprise, the default login details are:
Username - admin
Password - changeme
Run Splunk Enterprise as a different or non-root user | What happens next? |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13
Feedback submitted, thanks!