Splunk® Enterprise

Admin Manual

Acrobat logo Download manual as PDF


Splunk Enterprise version 8.0 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
Acrobat logo Download topic as PDF

Start and stop Splunk Enterprise

This topic provides common methods for starting and stopping Splunk Enterprise.

Start Splunk Enterprise on Windows

Splunk Enterprise installations are placed into the path C:\Program Files\Splunk by default. The documentation will refer to this default path as %SPLUNK_HOME%. Splunk Enterprise installs one service named splunkd. In normal operation, only the splunkd service runs and handles all Splunk Enterprise operations, including the Splunk Web interface.

You can start and stop Splunk Enterprise on Windows in one of the following ways:

Use the Windows Services control panel.

  1. Click the Start Button and type "services."
  2. Select the Services control panel option.
  3. In the Services control panel, find the Splunkd Service service.
  4. Start or stop the service.

Use the NET START or NET STOP commands.

  1. Open an administrative command prompt.
  2. Type: NET START splunkd or NET STOP splunkd.

Use the Splunk Enterprise executable.

  1. Open an administrative command prompt.
  2. Change the path to %SPLUNK_HOME%\bin.
  3. Type: splunk [start|stop|restart].

Start Splunk Enterprise on *nix

Splunk Enterprise installations using a package (.rpm or .deb) will install into the path /opt/splunk by default. The documentation will refer to this default path as $SPLUNK_HOME. Splunk Enterprise installs one process named splunkd. In normal operation, only the splunkd process runs and handles all Splunk Enterprise operations, including the Splunk Web interface.

You can start and stop Splunk Enterprise on *nix in one of the following ways:

Use the Splunk Enterprise process.

  1. Log in as the user account running Splunk Enterprise processes.
  2. Open a shell prompt.
  3. Change the path to $SPLUNK_HOME/bin
  4. Type: splunk [start|stop|restart].

Use a service command. If you configured Splunk Enterprise to start at boot time, you will interact with the process using the service command. Using the service command ensures that the user configured in the init.d script starts the process. See Enable boot-start on *nix platforms.

  1. Open a shell prompt.
  2. Type: splunkd service [start|stop|restart].

Use systemd commands. If you configured Splunk Enterprise to use systemd, you will interact with the process using the systemctl command. See Configure systemd using enable boot-start.

  1. Open a shell prompt.
  2. Type: systemctl [start|stop|restart] Splunkd.service.

Restart Splunk Enterprise from Splunk Web

You can restart Splunk Enterprise from Splunk Web:

  1. Log into Splunk Web as an admin role
  2. In Splunk Web, go to Settings > Server controls
  3. Select "Restart Splunk"

Check if Splunk Enterprise is running

To verify that the Splunk Enterprise processes are running:

Use the "status" command on *nix.

  1. Log in as the user account running Splunk Enterprise processes.
  2. Open a shell prompt.
  3. Change the path to $SPLUNK_HOME/bin.
  4. Type: splunk status.

Use the "status" command on Windows.

  1. Open an administrative command prompt.
  2. Change the path to %SPLUNK_HOME%\bin.
  3. Type: splunk status.

Use the process viewer command on *nix

  1. Open a shell prompt.
  2. Type: ps aux | grep splunkd | grep -v grep.
  3. Look for running processes.

Use the process list command on Windows.

  1. Open a powershell prompt.
  2. Type: Get-process splunkd.
  3. Look for running processes.
Last modified on 27 April, 2020
PREVIOUS
Customize the CLI login banner
  NEXT
Configure Splunk Enterprise to start at boot time

This documentation applies to the following versions of Splunk® Enterprise: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.2.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters