Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

unable start forwarder

st88
Loves-to-Learn
‎05-27-2021 03:10 PM

i can't start forwarder i take this error:

Starting splunk server daemon (splunkd)...
SplunkForwarder: Unable to start the service: Access is denied.

0 Karma
Reply

SamHTexas
Builder
‎06-07-2021 01:52 PM

Not sure if the management port you have listed above 9089 is correct. I have used 8089 for the longest time.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-27-2021 05:21 PM

Verify the files are owned by the right user. Confirm you are starting Splunk as that user.

For more suggestions, tell us more about the problem.  Is this a fresh installation?  Has it ever worked?  What platform?  How was the forwarder installed?  How are you trying to start it?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

st88
Loves-to-Learn
‎05-28-2021 12:32 AM

How can i verify the files are owned by the right user and start splunk from this user?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-28-2021 07:12 AM

Yeah, that was more of a Linux answer than a Windows answer.  Sorry about that.

I wonder if maybe the virtualization is causing the problem.  Have you tried installing the forwarder directly on the host system?  Why not use a Linux VM?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

st88
Loves-to-Learn
‎05-28-2021 12:25 AM

Yes it is first installation on windows virtual box on windows host, also it has never worked. I installed from gui installer and i am truing to start by splunk start or splunk restart on command line and i get the following:

 

Checking prerequisites...
        Checking mgmt port [9089]: open
        Checking conf files for problems...
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from 'C:\Program Files\SplunkUniversalForwarder\splunkforwarder-8.2.0-e053ef3c985f-windows-64-manifest'
        All installed files intact.
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
SplunkForwarder: Unable to start the service: Access is denied.
 
 
 
 
0 Karma
Reply

splnkuserav
Observer
‎06-19-2021 02:00 PM

I am seeing same error.  Did this ever get resolved?

Thanks!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...