- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Installation
- :
- Splunk Install Error on Windows
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When trying to install Splunk 4.3 on Windows 2003 I encountered the error;
"Splunk Installer was unable to create Splunk services. Please make sure the user running the installer has the correct privileges, including being able to create Windows Services. Exitcode='1'"
What has caused this and how can I fix it?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are a couple of things that can cause this;
Firstly you are not running the setup program with administrative privileges. If you are running a non "Administrator" admin account, ensure you right click and choose to Run as administrator.
The next option is that you may have a similar error to above but with exit code 4 and the service cannot start instead of failing to install, this is because you chose to run the Splunk services as something other than the local system account. If you enter the details for another account it is possible you have entered them in incorrectly or they do not have permissions set to run as a service.
Finally, it is possible you have either a failed previous install, an old install that wasn't cleanly removed or your install has just fallen over.
If it says it has failed to install, go to the start menu and choose run, type in services.msc
Look down the list for splunkd and Splunkweb. See them there? in that case it is possible you have an old install or a failed install. After you have made sure you have tried to run an uninstall for Splunk but they are still present you can run the following commands;
ONLY DO THIS IF THE OPTION TO UNINSTALL SPLUNK EITHER VIA THE ADD/REMOVE PROGRAMS WINDOW IS NOT PRESENT OR IF WHEN YOU RIGHT CLICK ON THE SPLUNK INSTALLER AND SELECT UNINSTALL IT SAYS THAT THE PROGRAM MUST BE INSTALLED FIRST - DO NOT DO THIS ON A WORKING INSTALL
From the start menu right click on Command prompt if it is in the recent list and choose to run as administrator, otherwise navigate to the windows\system32 directory and right click on cmd.exe to run as admin.
Inside the prompt type;
sc delete Splunkd
sc delete Splunkweb
This will forcibly remove the services and allow the installer to hopefully run successfully on the next run.
This has been tested on Win2k3 but may work on other versions.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Be careful, sometimes the service is named: "Splunkweb Service" so use :
sc delete Splunkweb Service
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was able to install on Windows 7 at location - "C:\Program Files (x86)\ " folder.
Earlier I was trying to install 'splunk-6.1.2-213098-x64-release' under "C:\Program Files" and was getting error (Error 1310.Error writing to file : C:Program FilesSplunketcanonymizeranonymizer-time.ini").
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Deleting services from cmd worked for me on Windows 7. However I see and new issue now - "Error 1310.Error writing to file : C:Program FilesSplunketcanonymizeranonymizer-time.ini".Verify that you have access to that directory
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On my Windows 2003 server, the SplunkForwarder tried to install in C:\ root directory. This is not allowed by our security policy. I installed it in C:\Program Files\SplunkForwarder, and all is OK.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am also facing the same issue, I removed Splunkd and Splunkweb from services and tried, no luck. I have admin priviliges too.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Didn't work for me! On windows XP
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And me. This problem on 2 PC
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Excellent, worked on my XP machine.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are a couple of things that can cause this;
Firstly you are not running the setup program with administrative privileges. If you are running a non "Administrator" admin account, ensure you right click and choose to Run as administrator.
The next option is that you may have a similar error to above but with exit code 4 and the service cannot start instead of failing to install, this is because you chose to run the Splunk services as something other than the local system account. If you enter the details for another account it is possible you have entered them in incorrectly or they do not have permissions set to run as a service.
Finally, it is possible you have either a failed previous install, an old install that wasn't cleanly removed or your install has just fallen over.
If it says it has failed to install, go to the start menu and choose run, type in services.msc
Look down the list for splunkd and Splunkweb. See them there? in that case it is possible you have an old install or a failed install. After you have made sure you have tried to run an uninstall for Splunk but they are still present you can run the following commands;
ONLY DO THIS IF THE OPTION TO UNINSTALL SPLUNK EITHER VIA THE ADD/REMOVE PROGRAMS WINDOW IS NOT PRESENT OR IF WHEN YOU RIGHT CLICK ON THE SPLUNK INSTALLER AND SELECT UNINSTALL IT SAYS THAT THE PROGRAM MUST BE INSTALLED FIRST - DO NOT DO THIS ON A WORKING INSTALL
From the start menu right click on Command prompt if it is in the recent list and choose to run as administrator, otherwise navigate to the windows\system32 directory and right click on cmd.exe to run as admin.
Inside the prompt type;
sc delete Splunkd
sc delete Splunkweb
This will forcibly remove the services and allow the installer to hopefully run successfully on the next run.
This has been tested on Win2k3 but may work on other versions.
Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation
Explore the Latest Educational Offerings from Splunk (November Releases)
New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...
