Monitoring Splunk
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I suddenly unable to start splunkd with "Access is denied" errors?

manja054
Explorer
‎11-09-2015 05:45 AM

Not sure what's the reason. It was working till now, but suddenly stopped working.

D:\Splunk\bin>splunk start

Splunk> Winning the War on Error

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking configuration...  Done.
        Checking critical directories...        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Checking indexes...
                Validated: _audit _blocksignature _internal _thefishbucket histo
ry main summary
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Splunkd: Starting (pid 3260)

Timed out waiting for splunkd to start.
Warning: can't create "D:\Splunk\var\run\splunk\merged\literals.conf": Access is
 denied.

Warning: can't create "D:\Splunk\var\run\splunk\merged\server.conf": Access is d
enied.

Warning: can't create "D:\Splunk\var\run\splunk\merged\web.conf": Access is deni
ed.

Starting splunkweb...
splunkweb: Stopped
Failed to start splunkweb service.
0 Karma
Reply

DeronJensen
Explorer
‎11-09-2015 09:18 AM

I would guess that you are not running as the user that needs to start Splunk. I am not a Windows admin, but you may be able to start splunk from the Services Management Console. This should run as a local admin.

If you want to start Splunk from the command line, you can try starting the command line as a local admin:

•Click Start.
•In the Start Search box, type cmd, and then press CTRL+SHIFT+ENTER.
•If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

Reply

vishwanthini
Engager
‎04-05-2020 05:20 PM

I used the Service Management Console to start the Splunkd service

0 Karma
Reply

manja054
Explorer
‎11-09-2015 10:00 PM

Thanks for the reply. Tried like as u said but no luck.

It was working earlier. The service is running under local admin account(Has full rights).

0 Karma
Reply

shamim_iqbal
Engager
‎03-07-2020 11:12 AM

thank you for your help, it work for me. open the CMD in administrator mode then use :: splunk start to start the services.

Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top