Getting Data In

Why am I receiving errors when attempting to start Splunk in the Windows CLI?

mjscoggins
Explorer

I was getting connection refused in the browser (localhost:8000/en-US/app/launcher/home). I was able to start splunk in Windows Services, but received the following Access Denied errors when attempting to start the service in the CLI. Any idea why? I was not logged in as a system admin in case that matters.

C:\Program Files\Splunk\bin>splunk start

Splunk> Like an F-18, bro.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
ERROR - Failed opening "C:\Program Files\Splunk\var\log\splunk\splunkd-utility.log": Access is denied.
Checking configuration... Done.
Failed to open splunk.secret 'C:\Program Files\Splunk\etc\auth\splunk.secret' file. Some passwords will not work. errno=Access is denied.
Unable to read 'C:\Program Files\Splunk\etc\auth\splunk.secret' file.
Checking critical directories... Done
ERROR - Failed opening "C:\Program Files\Splunk\var\log\splunk\splunkd-utility.log": Access is denied.
Checking indexes...
homePath='C:\Program Files\Splunk\var\lib\splunk\audit\db' of index=_audit on unusable filesystem.
Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at splunk.com/page/submit_issue
0 Karma
1 Solution

elliotproebstel
Champion

So that you can close this out, I'll post this as an answer:

That very much reads like a permissions problem. Try running Splunk as an admin-level user. That should give you permissions to read and write the appropriate files.

View solution in original post

elliotproebstel
Champion

So that you can close this out, I'll post this as an answer:

That very much reads like a permissions problem. Try running Splunk as an admin-level user. That should give you permissions to read and write the appropriate files.

elliotproebstel
Champion

That very much reads like a permissions problem. Using the account from which you tried to start Splunk, can you access those files?

C:\Program Files\Splunk\var\log\splunk\splunkd-utility.log
C:\Program Files\Splunk\etc\auth\splunk.secret

ssadanala1
Contributor

try setting this

$SPLUNK_HOME/etc/splunk-launch.conf:
OPTIMISTIC_ABOUT_FILE_LOCKING = 1

This error should encounter when installing splunk on mac0s
https://answers.splunk.com/answers/600702/problem-installing-splunk-enterprise-on-macos-1013-1.html

0 Karma

mjscoggins
Explorer

I can open the first, but receive access denied on the second when running the CLI with a non-admin account. Ran as Admin and was able to open both. Newbie B-P

Thanks!

0 Karma

somesoni2
SplunkTrust
SplunkTrust

When restarting splunk from CLI, did you open the Command prompt as Administrator?

0 Karma

mjscoggins
Explorer

Not at first, but that was the problem. Ran Command prompt as Administrator and no more errors received.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...