Thanks, will check the file in the temp folder, I have been using the msiexec method to start it. I have new problem now!
Ouch - the splunkd service will not stay running!

Thanks for the input,

eholz1

So you got through the install wizard?

Hello woodcock,

Well, it seems the issue is permissions as you indicated. A domain user is set to run the splunkd service.
and from what I read the "splunkuser" should have access to D:\Program Files\Splunk....

Does this user also have to have permissions on D:...?

I am unable to set permissions on some files and folders under Splunk/... when I attempt to set the permissions some folders/files return "access denied"

I will do more research tomorrow

Thanks,
eholz1

Hi eholz1,

The installer should be ensuring that all permissions are correct, so unless that is failing (which should be recorded in the %TEMP%/splunk.log file that @woodcock mentioned---search for icacls), there really shouldn't be a problem there. However, what is true for some directories\files is that although the user that splunkd executes as has access, you as a member of Administrators, or whatever, may not. That is somewhat unconventional for Windows, but it is not a bug per se.

Hope this clarifies some.

Cheers,

• Jo.

Hello jhornsby,

Thanks for the reply, I will check icacls and see what it shows.
there is no splunk.log file in %TEMP%, I will assume that %TEMP% is that user/appdata/local/splunk, etc.

Thanks for the tip, I will check things out (again) and get back one way or the other.

eholz1

Found the problem. there were two bogus ca pem files in the /etc/auth folder,
I delete those, and the install completed. Thanks,