Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk forward on Windows server 2008, Exitcode 4

mnarkiewicz
Explorer
‎09-13-2013 04:59 PM

I'm trying to install the splunk forwarder for Windows server 2008 R2 and I keep getting the same error. The error is:

Splunk installer was unable to start Splunk Services.
Please make sure you have provided the correct username and/or password, and the user you are trying to run Splunk as has the correct privileges. Exitcode="4"

Before I tried installing this in our production environment I installed it on a test system. I followed this guide http://docs.splunk.com/Documentation/Splunk/5.0.4/Installation/PrepareyourWindowsnetworkforaSplunkin... and everything worked just fine. I followed the same steps in production and all I get is this error. I have verified that all group, permmission and GPO settings are exactly the same in test and production (except the domain names)

Tags (3)
0 Karma
Reply

mnarkiewicz
Explorer
‎09-17-2013 04:28 PM

Sorry for the long delay before responding, but running the sc query commands did not show anything. Listing all the services in the service console doesn't show the splunk services either. I have set the log on and service permissions and the log on as a batch job permissions to allow the splunk user.

I have set the splunk user to be part of the builtin administrator's group and still, no luck.

0 Karma
Reply

rovechkin_splun
Splunk Employee
Splunk Employee
‎09-13-2013 10:15 PM

can you check that splunk was not installed previously on the machine by doing
sc query splunkd
sc query splunkweb?

if they exist you need to delete them first using "sc delete service_name"

if you are installing Splunk to run as a user make sure that it has
Permission to log on as a service
Permission to log on as a batch job

you can also temporary make your user a member of buitdin administrator group to make sure that this is not permission problem.

Reply

mnarkiewicz
Explorer
‎09-17-2013 04:33 PM

Sorry for taking so long to respond.

I ran the sc query commands and it showed nothing, and in the services list in the services console they are not present.

I have set the "log on as a service" and "log on as a batch job" permissions to allow the splunk user to connect. I have added the splunk user to the builtin administrator group and still no luck.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

    Thursday, June 25, 2026  |  11AM PDT / 2PM EDT  Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...