
Starting Splunk
We are now ready to start Splunk for the first time! You will want to run Splunk Enterprise as the splunk user, so switch to that account with the su - splunk command.
Then navigate to the /opt/splunk/bin directory with the cd /opt/splunk/bin command and type ./splunk start.
You will be presented with a lengthy license agreement that you can page through with the spacebar and then accept by typing y. Alternatively, you can start Splunk with an argument that accepts the license for you:
./splunk start --accept-license
You may be prompted to enter and verify an admin password, and then Splunk will go through the startup process; when it is finished, it will tell you where the Splunk Web interface is. Enter the given string into a new browser window (be sure to include the http:// before the IP address and :8000 at the end) and you will be presented with the Splunk login screen.
After logging in (using the admin password provided when you started Splunk), you may be presented with a Help us improve Splunk software window; you can check or uncheck those options as you choose, or skip it. When the page loads, click the Search and Reporting icon on the left-hand side; you will be prompted to Take a quick tour, which you can skip as well.
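To confirm from the command line that the startup steps above left splunkd running under the splunk account, a check like the following can be used. This is an added example, not part of the original text; the function names and the sample process listings are constructed for illustration, and the input format assumed is that of ps -e -o user= -o comm=.

```shell
#!/bin/sh
# Added example: verify that every splunkd process is owned by the
# dedicated account used with `su - splunk`.
# Input: "USER COMMAND" pairs, one per line, as printed by
#   ps -e -o user= -o comm=

# Print each distinct user other than $1 that owns a splunkd process.
# Prints nothing when every splunkd belongs to $1.
splunkd_wrong_owners() {
    awk -v want="$1" '$2 == "splunkd" && $1 != want { print $1 }' | sort -u
}

# Exit status: 0 = splunkd running and all owned by $1
#              1 = at least one splunkd owned by another user
#              2 = no splunkd process found at all
splunkd_owner_ok() {
    input=$(cat)
    printf '%s\n' "$input" |
        awk '$2 == "splunkd" { found = 1 } END { exit !found }' || return 2
    [ -z "$(printf '%s\n' "$input" | splunkd_wrong_owners "$1")" ]
}

# Constructed sample listings (not captured from a real host).
SAMPLE_GOOD='root sshd
splunk splunkd
splunk splunkd
splunk mongod'

SAMPLE_BAD='root sshd
root splunkd
splunk splunkd'

# Run the check over both samples and report the outcome.
for sample in "$SAMPLE_GOOD" "$SAMPLE_BAD"; do
    if printf '%s\n' "$sample" | splunkd_owner_ok splunk; then
        echo "OK: splunkd runs only as splunk"
    else
        echo "CHECK: splunkd missing or owned by:" \
            "$(printf '%s\n' "$sample" | splunkd_wrong_owners splunk)"
    fi
done

# On a live host:
#   ps -e -o user= -o comm= | splunkd_owner_ok splunk
```

A status of 1 on a live host usually means ./splunk start was run from a root shell instead of after su - splunk.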
Congratulations!! You have a fully operational installation of Splunk Enterprise on Linux. Before we move on, there is one more task to perform at the command line.