Installation

How to install Splunk 6.2.2 on a Mac OS X?

Contributor

Hi,

I have downloaded latest Splunk version and in the installation, it says, double click on .dmg but after the download I got a .tgz file, extracted it and put it under Applications. What do I need to do next?

In the Launch pad, I saw an icon Splunk (other) and when i double clicked i got a pop-up:

"ERROR: $SPLUNK_HOME passed into osxManageSplunk.sh is not a valid directory (path=The Splunk installer will replace the contents of this file with a path to the Splunk installation, WITHOUT a newline at the end.
)."

I clicked ok but nothing happened. Can anyone suggest how to install? i have mac osx 10.10.2

Labels (1)
Tags (3)
0 Karma
1 Solution

Motivator

Command line install

Use the following instructions to install from a Terminal window.

Important: To install Splunk Enterprise on Mac OS X from the command line, you must use the root user, or elevate privileges using the sudo command. If you use sudo, your account must be an Admin-level account.

  1. To mount the dmg:

    sudo hdid splunk_package_name.dmg

The Finder mounts the disk image onto the desktop. The image is available under /Volumes/SplunkForwarder (note the space).

  1. To Install

    To the root volume:

    cd /Volumes/SplunkForwarder\
    sudo installer -pkg .payload/splunk.pkg -target /

Note: There is a space in the disk image's name. Use a backslash to escape the space or wrap the disk image name in quotes.

To a different disk of partition: 

cd  /Volumes/SplunkForwarder\ <version>
sudo installer -pkg .payload/splunk.pkg -target /Volumes\ Disk

Note: There is a space in the disk image's name. Use a backslash to escape the space or wrap the disk image name in quotes.

-target specifies a target volume, such as another disk, where Splunk will be installed in /Applications/splunk.

To install into a directory other than /Applications/splunk on any volume, use the graphical installer as described above.
tar file install

To install Splunk Enterprise on Mac OS X, expand the tar file into an appropriate directory using the tar command:

tar xvzf splunk_package_name.tgz

The default install directory is splunk in the current working directory. To install into /Applications/splunk, use the following command:

tar xvzf splunk_package_name.tgz -C /Applications

Note: When you install Splunk Enterprise with a tar file:

Splunk Enterprise does not create the splunk user automatically. If you want it to run as a specific user, you must create the user manually before installing.  Ensure that the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed. 

Start Splunk
run the following command from $SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk Enterprise):

sudo  ./splunk start

Launch Splunk Web and log in

After you start Splunk Enterprise and accept the license agreement,
1. In a browser window, access Splunk Web at

http://<hostname>:port
ex:
 http://localhost:8000
or
 http://127.0.0.1:8000
hostname is the host machine.
port is the port you specified during the installation (the default port is 8000). 

you can do Graphical install it.

View solution in original post

Explorer

You can try to download the dmg file from Splunk.com and double click on it to install. This is very easy step. I have installed the latest version of Splunk on Mac and I don't see any problems.

Please note that the latest version of Splunk requires us to create username and password during the installation whereas with Old versions we get default username and password with it (admin/changeme)

Download .dmg file from below location:

https://www.splunk.com/en_us/download/splunk-enterprise.html#tabs/macos

You can also follow the video on youtube.

https://www.youtube.com/watch?v=1wkmEvsUe68

0 Karma

Contributor

Here is what I use while installing Splunk 6.2.2 on Mac OS X (Yosemite 10.10.2):

#mvohra: tar -zxf ~/Downloads/splunk-6.2.2-255606-darwin-64.tgz -C ~/Applications; ~/Applications/splunk/bin/./splunk start --accept-license --auto-ports --no-prompt --answer-yes

Do share your experience so others reading this post can benefit.

Mitesh.

0 Karma

Contributor

Mitesh, Thanks for the answer. Yes i have used those instructions and worked fine.

0 Karma

Motivator

Command line install

Use the following instructions to install from a Terminal window.

Important: To install Splunk Enterprise on Mac OS X from the command line, you must use the root user, or elevate privileges using the sudo command. If you use sudo, your account must be an Admin-level account.

  1. To mount the dmg:

    sudo hdid splunk_package_name.dmg

The Finder mounts the disk image onto the desktop. The image is available under /Volumes/SplunkForwarder (note the space).

  1. To Install

    To the root volume:

    cd /Volumes/SplunkForwarder\
    sudo installer -pkg .payload/splunk.pkg -target /

Note: There is a space in the disk image's name. Use a backslash to escape the space or wrap the disk image name in quotes.

To a different disk of partition: 

cd  /Volumes/SplunkForwarder\ <version>
sudo installer -pkg .payload/splunk.pkg -target /Volumes\ Disk

Note: There is a space in the disk image's name. Use a backslash to escape the space or wrap the disk image name in quotes.

-target specifies a target volume, such as another disk, where Splunk will be installed in /Applications/splunk.

To install into a directory other than /Applications/splunk on any volume, use the graphical installer as described above.
tar file install

To install Splunk Enterprise on Mac OS X, expand the tar file into an appropriate directory using the tar command:

tar xvzf splunk_package_name.tgz

The default install directory is splunk in the current working directory. To install into /Applications/splunk, use the following command:

tar xvzf splunk_package_name.tgz -C /Applications

Note: When you install Splunk Enterprise with a tar file:

Splunk Enterprise does not create the splunk user automatically. If you want it to run as a specific user, you must create the user manually before installing.  Ensure that the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed. 

Start Splunk
run the following command from $SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk Enterprise):

sudo  ./splunk start

Launch Splunk Web and log in

After you start Splunk Enterprise and accept the license agreement,
1. In a browser window, access Splunk Web at

http://<hostname>:port
ex:
 http://localhost:8000
or
 http://127.0.0.1:8000
hostname is the host machine.
port is the port you specified during the installation (the default port is 8000). 

you can do Graphical install it.

View solution in original post

Splunk Employee
Splunk Employee

The Mac OS build comes in two forms: a .dmg package and a tar file. Here are the instructions for the:

Graphical (basic) and command line installs using the DMG file and tar file install.

When you click on the big green "Free Splunk" button on the home page, and then select OSX you are given two choices. You've selected the tar file or .tgz (the second one). The first one is the .dmg

Given the confusion, it might be best to grab the .dmg and work with what you know.
If you are intrigued however, the doc contains step by step instructions regarding installing Splunk with the .tgz file.

With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!
0 Karma

Communicator

hi xvx006,
for more information on how to install the mac i will like you to check on the documentation
Splunk-6.1.1-Installation i think this may help you on how to do it
thanks

0 Karma

Splunk Employee
Splunk Employee

The current version of Splunk is 6.2.2

With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!
0 Karma

Splunk Employee
Splunk Employee
0 Karma