Getting Data In

Why is starting splunkd on windows failing with an error?

brdr
Contributor

We are using Splunk Enterprise 7.1 on windows. I'm attempting to start splunk daemon unsuccessfully. Within splunkd.log I see this:

08-15-2018 15:23:29.835 -0700 INFO  loader - Automatic migration of modular inputs
08-15-2018 15:23:40.742 -0700 INFO  loader - win-service: Command pre-flight-checks ran successfully.
08-15-2018 15:23:42.007 -0700 ERROR loader - win-service: Error running check-xml-files (_pclose returned 2).
08-15-2018 15:23:42.023 -0700 ERROR loader - win-service: Here is the output from running check-xml-files:
08-15-2018 15:23:42.023 -0700 ERROR loader - C:\Program Files\Splunk\bin\Python.EXE: can't open file 'C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\clilib\cli.py': [Errno 13] Permission denied
08-15-2018 15:23:42.023 -0700 ERROR loader - <<<<< EOF (check-xml-files)

Any idea why startup fails with this error? NOTE: I have administrator rights on this box.

Thx

0 Karma
1 Solution

brdr
Contributor

I rebooted the box... splunkd DID auto start. Then I manually stopped/started with same creds and it working fine now. So, rebooting fixed it... thanks folks for helping.

The output is below:

SERVICE_NAME: splunkd
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Splunk\bin\splunkd.exe" service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Splunkd Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

C:\Users\Administrator>

View solution in original post

0 Karma

brdr
Contributor

I rebooted the box... splunkd DID auto start. Then I manually stopped/started with same creds and it working fine now. So, rebooting fixed it... thanks folks for helping.

The output is below:

SERVICE_NAME: splunkd
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Splunk\bin\splunkd.exe" service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Splunkd Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

C:\Users\Administrator>

0 Karma

jhornsby_splunk
Splunk Employee
Splunk Employee

What is the output of the following commands from an elevated command prompt:
sc.exe qc splunkd
icacls "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\clilib\cli.py"

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

Is the user /service account you are using to run splunk is also same as Administrator?

Happy Splunking!
0 Karma

brdr
Contributor

there is no user/service account. it was installed using account Administrator. Which is what i used to log into windows system as and then attempt to start. I can stop Splunkd service no problem.

0 Karma

brdr
Contributor

and from the last startup in previous splunkd log i see this:

08-08-2018 17:03:05.010 -0700 INFO loader - win-service: Starting as a Windows service: will run various system checks first...
08-08-2018 17:03:05.010 -0700 INFO loader - win-service: Splunk starting as a local administrator
08-08-2018 17:03:05.010 -0700 INFO loader - Automatic migration of modular inputs
08-08-2018 17:03:17.464 -0700 INFO loader - win-service: Command pre-flight-checks ran successfully.
08-08-2018 17:03:20.995 -0700 INFO loader - win-service: Command check-xml-files ran successfully.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...