Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

unable start forwarder

st88
Loves-to-Learn
‎05-27-2021 03:10 PM

i can't start forwarder i take this error:

Starting splunk server daemon (splunkd)...
SplunkForwarder: Unable to start the service: Access is denied.

0 Karma
Reply

SamHTexas
Builder
‎06-07-2021 01:52 PM

Not sure if the management port you have listed above 9089 is correct. I have used 8089 for the longest time.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-27-2021 05:21 PM

Verify the files are owned by the right user. Confirm you are starting Splunk as that user.

For more suggestions, tell us more about the problem.  Is this a fresh installation?  Has it ever worked?  What platform?  How was the forwarder installed?  How are you trying to start it?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

st88
Loves-to-Learn
‎05-28-2021 12:32 AM

How can i verify the files are owned by the right user and start splunk from this user?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-28-2021 07:12 AM

Yeah, that was more of a Linux answer than a Windows answer.  Sorry about that.

I wonder if maybe the virtualization is causing the problem.  Have you tried installing the forwarder directly on the host system?  Why not use a Linux VM?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

st88
Loves-to-Learn
‎05-28-2021 12:25 AM

Yes it is first installation on windows virtual box on windows host, also it has never worked. I installed from gui installer and i am truing to start by splunk start or splunk restart on command line and i get the following:

 

Checking prerequisites...
        Checking mgmt port [9089]: open
        Checking conf files for problems...
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from 'C:\Program Files\SplunkUniversalForwarder\splunkforwarder-8.2.0-e053ef3c985f-windows-64-manifest'
        All installed files intact.
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
SplunkForwarder: Unable to start the service: Access is denied.
 
 
 
 
0 Karma
Reply

splnkuserav
Observer
‎06-19-2021 02:00 PM

I am seeing same error.  Did this ever get resolved?

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...