Disable or limit antivirus software if able

The Splunk Enterprise indexing subsystem requires high disk throughput. Any software with a device driver that intermediates between Splunk Enterprise and the operating system can restrict processing power available to Splunk Enterprise, causing slowness and even an unresponsive system. This includes anti-virus software.

You must configure such software to avoid on-access scanning of Splunk Enterprise installation directories and processes before you start a Splunk installation.

Consider installing Splunk software into a directory with a short path name

By default, the Splunk MSI file installs the software to \Program Files\Splunk on the system drive (the drive that booted your Windows machine.) While this directory is fine for many Splunk software installations, it might be problematic for installations that run in distributed deployments or that employ advanced Splunk features such as search-head or indexer clustering.

The Windows API has a path limitation of MAX_PATH which Microsoft defines as 260 characters including the drive letter, colon, backslash, 256-characters for the path, and a null terminating character. Windows cannot address a file path that is longer than this, and if Splunk software creates a file with a path length that is longer than MAX_PATH, it cannot retrieve the file later. There is no way to change this configuration.

To work around this problem, if you know that the instance will be a member of a search head or indexer cluster, consider installing the software into a directory with a short path length, for example C:\Splunk or D:\SPL.

Begin the installation

1. Download the Splunk installer from the Splunk download page.
2. To start the installer, double-click the splunk.msi file. The installer runs and displays the Splunk Enterprise Installer panel.
   
3. To continue the installation, check the "Check this box to accept the License Agreement" checkbox. This activates the "Customize Installation" and "Next" buttons.
4. (Optional) If you want to view the license agreement, select View License Agreement.

Installation Options

The Windows installer gives you two choices: Install with the default installation settings, or configure all settings prior to installing.

When you choose to install with the default settings, the installer does the following:

• Installs Splunk Enterprise in \Program Files\Splunk on the drive that booted your Windows machine.
• Installs Splunk Enterprise with the default management and Web network ports.
• Configures Splunk Enterprise to run as the unprivileged NT SERVICE\Splunkd user.
  Note: For additional options and information about installing Splunk Enterprise on Windows as a specific user, see Choose the Windows user Splunk Enterprise should run as. As of Version 10.2, options to specify users are limited.
• Prompts you to create a Splunk administrator password. You must do this before installation can continue.
• Creates a Start Menu shortcut for the software.

If you want to change any of these default installation settings, select Customize Options and proceed with the instructions in "Customize Options" in this topic.

Otherwise, select Next. You will be prompted for a password for the Splunk admin user. After you supply a password, installation begins and you can continue with the "Complete the install" instructions later in this topic.

Customize options during the installation

You can customize several options during the installation. When you choose to customize options, the installer displays the "Install Splunk Enterprise to" panel.

By default, the installer puts Splunk Enterprise into \Program Files\Splunk on the system drive. This documentation set refers to the Splunk Enterprise installation directory as $SPLUNK_HOME or %SPLUNK_HOME%.

Splunk Enterprise installs and runs two Windows services, splunkd and splunkweb. The splunkd service handles all Splunk Enterprise operations, and the splunkweb service installs to run only in legacy mode.

1. Create credentials for the Splunk administrator user by entering a username and password that meets the minimum eligibility requirements as shown in the panel and select Next.
   Note: You must perform this action as the installation cannot proceed without your completing it. If you do not enter a username, the installer creates the admin user during the installation process.
2. The installer displays the installation summary panel.
   
3. Select "Install" to proceed with the installation.

Complete the installation

The installer runs, installs the software, and displays the Installation Complete panel.

If you specified the wrong user during the installation procedure, you will see two pop-up error windows explaining this. If this occurs, Splunk Enterprise installs itself as the Local System user by default. Splunk Enterprise does not start automatically in this situation. You can proceed through the final panel of the installation, but uncheck the "Launch browser with Splunk" checkbox to prevent your browser from launching. Then, use these instructions to switch to the correct user before starting Splunk.

1. (Optional) Check the boxes to Launch browser with Splunk and Create Start Menu Shortcut.
2. Select Finish. The installation completes, Splunk Enterprise starts and launches in a supported browser if you checked the appropriate box.