Start and stop Splunk Enterprise
This topic provides common methods for starting and stopping Splunk Enterprise.
Start Splunk Enterprise on Windows
Splunk Enterprise installations are placed into the path C:\Program Files\Splunk by default. The documentation will refer to this default path as %SPLUNK_HOME%.
Splunk Enterprise installs one service named splunkd. In normal operation, only the splunkd service runs and handles all Splunk Enterprise operations, including the Splunk Web interface.
You can start and stop Splunk Enterprise on Windows in one of the following ways:
Use the Windows Services control panel.
- Click the Start Button and type "services."
- Select the Services control panel option.
- In the Services control panel, find the Splunkd Service service.
- Start or stop the service.
Use the NET START or NET STOP commands.
- Open an administrative command prompt.
- Type: NET START splunkd or NET STOP splunkd.
Use the Splunk Enterprise executable.
- Open an administrative command prompt.
- Change the path to %SPLUNK_HOME%\bin.
- Type: splunk [start|stop|restart].
Start Splunk Enterprise on *nix
Splunk Enterprise installations using a package (.rpm or .deb) will install into the path /opt/splunk by default. The documentation will refer to this default path as $SPLUNK_HOME.
Splunk Enterprise installs one process named splunkd. In normal operation, only the splunkd process runs and handles all Splunk Enterprise operations, including the Splunk Web interface.
You can start and stop Splunk Enterprise on *nix in one of the following ways:
Use the Splunk Enterprise process.
- Log in as the user account running Splunk Enterprise processes.
- Open a shell prompt.
- Change the path to $SPLUNK_HOME/bin.
- Type: splunk [start|stop|restart].
Use a service command. If you configured Splunk Enterprise to start at boot time, you will interact with the process using the service command. Using the service command ensures that the user configured in the init.d script starts the process. See Enable boot-start on *nix platforms.
- Open a shell prompt.
- Type: splunkd service [start|stop|restart].
Use systemd commands. If you configured Splunk Enterprise to use systemd, you will interact with the process using the systemctl command. See Configure systemd using enable boot-start.
- Open a shell prompt.
- Type: systemctl [start|stop|restart] Splunkd.service.
Restart Splunk Enterprise from Splunk Web
You can restart Splunk Enterprise from Splunk Web:
- Log in to Splunk Web as a user with the admin role.
- In Splunk Web, go to Settings > Server controls.
- Select "Restart Splunk."
Check if Splunk Enterprise is running
To verify that the Splunk Enterprise processes are running:
Use the "status" command on *nix.
- Log in as the user account running Splunk Enterprise processes.
- Open a shell prompt.
- Change the path to $SPLUNK_HOME/bin.
- Type: splunk status.
Use the "status" command on Windows.
- Open an administrative command prompt.
- Change the path to %SPLUNK_HOME%\bin.
- Type: splunk status.
Use the process viewer command on *nix.
- Open a shell prompt.
- Type: ps aux | grep splunkd | grep -v grep.
- Look for running processes.
Use the process list command on Windows.
- Open a PowerShell prompt.
- Type: Get-Process splunkd.
- Look for running processes.
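The *nix process-viewer check above can be scripted so that it matches on the executable name (no `grep -v grep` needed) and also reports which account owns splunkd. This is an added example, not part of the Splunk documentation; the function name check_splunkd, the account name splunk and the sample ps lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_splunkd EXPECTED_USER   (hypothetical helper, not a Splunk command)
# Reads `ps aux` output on stdin and prints one of:
#   not-running | ok | wrong-user:<comma-separated owners>
check_splunkd() {
    awk -v want="$1" '
        {
            cmd = $11                        # field 11 starts the command line
            sub(/^\[/, "", cmd)              # helper shows as "[splunkd pid=N] ..."
            n = split(cmd, parts, "/")       # accept a full path to the binary
            if (parts[n] != "splunkd") next  # skips grep, tail splunkd.log, etc.
            total++
            if ($1 != want && !(seen[$1]++)) bad = bad (bad ? "," : "") $1
        }
        END {
            if (!total)   print "not-running"
            else if (bad) print "wrong-user:" bad
            else          print "ok"
        }'
}

# Constructed sample input (not captured from a real host).
sample_ok() { cat <<'EOF'
USER   PID %CPU %MEM    VSZ    RSS TTY   STAT START TIME COMMAND
splunk 2101 1.2 3.4 512000 180000 ?     Sl   09:00 0:42 splunkd -p 8089 start
splunk 2102 0.0 0.1  90000  12000 ?     Ss   09:00 0:00 [splunkd pid=2101] splunkd -p 8089 start [process-runner]
admin  3300 0.0 0.0   6000    900 pts/0 S+   09:05 0:00 grep splunkd
EOF
}
sample_wrong_user() { cat <<'EOF'
USER   PID %CPU %MEM    VSZ    RSS TTY   STAT START TIME COMMAND
root   4101 1.0 3.1 512000 170000 ?     Sl   10:00 0:10 /opt/splunk/bin/splunkd -p 8089 start
EOF
}
sample_stopped() { cat <<'EOF'
USER   PID %CPU %MEM    VSZ    RSS TTY   STAT START TIME COMMAND
admin  3301 0.0 0.0   6000    900 pts/0 S+   09:06 0:00 tail -f /opt/splunk/var/log/splunk/splunkd.log
EOF
}

# Live use: ps aux | check_splunkd splunk
```

A wrong-user result means splunkd was started by an account other than the one passed as the argument; `ps aux` may truncate or replace long account names with a numeric UID, so pass the value as ps displays it.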