Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I suddenly unable to start splunkd with "Access is denied" errors?

manja054
Explorer
‎11-09-2015 05:45 AM

Not sure what's the reason. It was working till now, but suddenly stopped working.

D:\Splunk\bin>splunk start

Splunk> Winning the War on Error

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking configuration...  Done.
        Checking critical directories...        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Checking indexes...
                Validated: _audit _blocksignature _internal _thefishbucket histo
ry main summary
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Splunkd: Starting (pid 3260)

Timed out waiting for splunkd to start.
Warning: can't create "D:\Splunk\var\run\splunk\merged\literals.conf": Access is
 denied.

Warning: can't create "D:\Splunk\var\run\splunk\merged\server.conf": Access is d
enied.

Warning: can't create "D:\Splunk\var\run\splunk\merged\web.conf": Access is deni
ed.

Starting splunkweb...
splunkweb: Stopped
Failed to start splunkweb service.
0 Karma
Reply

DeronJensen
Explorer
‎11-09-2015 09:18 AM

I would guess that you are not running as the user that needs to start Splunk. I am not a Windows admin, but you may be able to start splunk from the Services Management Console. This should run as a local admin.

If you want to start Splunk from the command line, you can try starting the command line as a local admin:

•Click Start.
•In the Start Search box, type cmd, and then press CTRL+SHIFT+ENTER.
•If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

Reply

vishwanthini
Engager
‎04-05-2020 05:20 PM

I used the Service Management Console to start the Splunkd service

0 Karma
Reply

manja054
Explorer
‎11-09-2015 10:00 PM

Thanks for the reply. Tried like as u said but no luck.

It was working earlier. The service is running under local admin account(Has full rights).

0 Karma
Reply

shamim_iqbal
Engager
‎03-07-2020 11:12 AM

thank you for your help, it work for me. open the CMD in administrator mode then use :: splunk start to start the services.

Reply
Get Updates on the Splunk Community!

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...