Splunk v6.4.4 from ova for vmware my expirience: 

1. Download OVA  from https://www.splunk.com/ after the registration process.
2. Deployed OVA to Esxi 
3. Start vmachine
4. First log in l:splunkadmin p:changeme
5. Log in as root --> su p:changemenow
5a. run firt time as root command -> slpunk start and read all and confirm 'y' plus enter.
6. you must change Ip address -> vi /etc/sysconfig/network-scripts/ifcfg-eth0 if you want static you must add. Default is set dhcp. 
BOOTPROTO=none
IPADDR=192.168.2.62
NETMASK=255.255.0.0
# /etc/init.d/network restart
7. you must change gateway vi /etc/sysconfig/network  -> add line GATEWAY=192.168.2.1
# /etc/init.d/network restart
8. next >splunk restart
9. If you want change webserver you must add line in (default is set 172.0.0.1)-> splunk-launch.conf 
SPLUNK_BINDIP=192.168.2.62
10. next >splunk restart
11. you can change port default is set 8000
12. in you webbrownswer enter http://192.168.2.62:8000
13. username:admin password: changeme you will ask to change password. you can press "skip"
14. 


teraz konfiguracja poprzez www --> dodawanie co ma nasluchiwać, na jakich portach, jak wyswietlac... 
no i dodanie forwarderow na maszynach kóre mają byś obrabiane przez splunka. 


http://docs.splunk.com/Documentation/Splunk/6.5.2/admin/Webconf