Not sure what's the reason. It was working till now, but suddenly stopped working.
D:\Splunk\bin>splunk start
Splunk> Winning the War on Error
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking critical directories... Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
Checking indexes...
Validated: _audit _blocksignature _internal _thefishbucket histo
ry main summary
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
Checking filesystem compatibility... Done
Checking conf files for problems...
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Splunkd: Starting (pid 3260)
Timed out waiting for splunkd to start.
Warning: can't create "D:\Splunk\var\run\splunk\merged\literals.conf": Access is
denied.
Warning: can't create "D:\Splunk\var\run\splunk\merged\server.conf": Access is d
enied.
Warning: can't create "D:\Splunk\var\run\splunk\merged\web.conf": Access is deni
ed.
Starting splunkweb...
splunkweb: Stopped
Failed to start splunkweb service.
I would guess that you are not running as the user that needs to start Splunk. I am not a Windows admin, but you may be able to start splunk from the Services Management Console. This should run as a local admin.
If you want to start Splunk from the command line, you can try starting the command line as a local admin:
•Click Start.
•In the Start Search box, type cmd, and then press CTRL+SHIFT+ENTER.
•If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
I used the Service Management Console to start the Splunkd service
Thanks for the reply. Tried like as u said but no luck.
It was working earlier. The service is running under local admin account(Has full rights).
thank you for your help, it work for me. open the CMD in administrator mode then use :: splunk start to start the services.