Monitoring Splunk

Why am I suddenly unable to start splunkd with "Access is denied" errors?

manja054
Explorer

Not sure what's the reason. It was working till now, but suddenly stopped working.

D:\Splunk\bin>splunk start

Splunk> Winning the War on Error

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking configuration...  Done.
        Checking critical directories...        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Checking indexes...
                Validated: _audit _blocksignature _internal _thefishbucket histo
ry main summary
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Splunkd: Starting (pid 3260)

Timed out waiting for splunkd to start.
Warning: can't create "D:\Splunk\var\run\splunk\merged\literals.conf": Access is
 denied.

Warning: can't create "D:\Splunk\var\run\splunk\merged\server.conf": Access is d
enied.

Warning: can't create "D:\Splunk\var\run\splunk\merged\web.conf": Access is deni
ed.

Starting splunkweb...
splunkweb: Stopped
Failed to start splunkweb service.
0 Karma

DeronJensen
Explorer

I would guess that you are not running as the user that needs to start Splunk. I am not a Windows admin, but you may be able to start splunk from the Services Management Console. This should run as a local admin.

If you want to start Splunk from the command line, you can try starting the command line as a local admin:

•Click Start.
•In the Start Search box, type cmd, and then press CTRL+SHIFT+ENTER.
•If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

vishwanthini
Engager

I used the Service Management Console to start the Splunkd service

0 Karma

manja054
Explorer

Thanks for the reply. Tried like as u said but no luck.

It was working earlier. The service is running under local admin account(Has full rights).

0 Karma

shamim_iqbal
Engager

thank you for your help, it work for me. open the CMD in administrator mode then use :: splunk start to start the services.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...