We are using Splunk Enterprise 7.1 on windows. I'm attempting to start splunk daemon unsuccessfully. Within splunkd.log I see this:
08-15-2018 15:23:29.835 -0700 INFO loader - Automatic migration of modular inputs
08-15-2018 15:23:40.742 -0700 INFO loader - win-service: Command pre-flight-checks ran successfully.
08-15-2018 15:23:42.007 -0700 ERROR loader - win-service: Error running check-xml-files (_pclose returned 2).
08-15-2018 15:23:42.023 -0700 ERROR loader - win-service: Here is the output from running check-xml-files:
08-15-2018 15:23:42.023 -0700 ERROR loader - C:\Program Files\Splunk\bin\Python.EXE: can't open file 'C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\clilib\cli.py': [Errno 13] Permission denied
08-15-2018 15:23:42.023 -0700 ERROR loader - <<<<< EOF (check-xml-files)
Any idea why startup fails with this error? NOTE: I have administrator rights on this box.
Thx
I rebooted the box... splunkd DID auto start. Then I manually stopped/started with same creds and it working fine now. So, rebooting fixed it... thanks folks for helping.
The output is below:
SERVICE_NAME: splunkd
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Splunk\bin\splunkd.exe" service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Splunkd Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\Users\Administrator>
I rebooted the box... splunkd DID auto start. Then I manually stopped/started with same creds and it working fine now. So, rebooting fixed it... thanks folks for helping.
The output is below:
SERVICE_NAME: splunkd
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Splunk\bin\splunkd.exe" service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Splunkd Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\Users\Administrator>
What is the output of the following commands from an elevated command prompt:
sc.exe qc splunkd
icacls "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\clilib\cli.py"
Is the user /service account you are using to run splunk is also same as Administrator?
there is no user/service account. it was installed using account Administrator. Which is what i used to log into windows system as and then attempt to start. I can stop Splunkd service no problem.
and from the last startup in previous splunkd log i see this:
08-08-2018 17:03:05.010 -0700 INFO loader - win-service: Starting as a Windows service: will run various system checks first...
08-08-2018 17:03:05.010 -0700 INFO loader - win-service: Splunk starting as a local administrator
08-08-2018 17:03:05.010 -0700 INFO loader - Automatic migration of modular inputs
08-08-2018 17:03:17.464 -0700 INFO loader - win-service: Command pre-flight-checks ran successfully.
08-08-2018 17:03:20.995 -0700 INFO loader - win-service: Command check-xml-files ran successfully.