The account that splunk is running as, does it have rights in that denied directory? Also, to test, have you tried creating this with an admin account to check it's not a weird permissions problem?
The account does have full access to the directory. I am also creating the token with an admin account.
I'm looking at two conf files for this but there doesn't seem to be permission issues