Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I suddenly unable to start splunkd with "Access is denied" errors?

manja054
Explorer
‎11-09-2015 05:45 AM

Not sure what's the reason. It was working till now, but suddenly stopped working.

D:\Splunk\bin>splunk start

Splunk> Winning the War on Error

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking configuration...  Done.
        Checking critical directories...        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Checking indexes...
                Validated: _audit _blocksignature _internal _thefishbucket histo
ry main summary
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\btool.log": Access is denied.
        Done
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
ERROR - Error opening "D:\Splunk\var\log\splunk\splunkd-utility.log": Access is
denied.
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Splunkd: Starting (pid 3260)

Timed out waiting for splunkd to start.
Warning: can't create "D:\Splunk\var\run\splunk\merged\literals.conf": Access is
 denied.

Warning: can't create "D:\Splunk\var\run\splunk\merged\server.conf": Access is d
enied.

Warning: can't create "D:\Splunk\var\run\splunk\merged\web.conf": Access is deni
ed.

Starting splunkweb...
splunkweb: Stopped
Failed to start splunkweb service.
0 Karma
Reply

DeronJensen
Explorer
‎11-09-2015 09:18 AM

I would guess that you are not running as the user that needs to start Splunk. I am not a Windows admin, but you may be able to start splunk from the Services Management Console. This should run as a local admin.

If you want to start Splunk from the command line, you can try starting the command line as a local admin:

•Click Start.
•In the Start Search box, type cmd, and then press CTRL+SHIFT+ENTER.
•If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

Reply

vishwanthini
Engager
‎04-05-2020 05:20 PM

I used the Service Management Console to start the Splunkd service

0 Karma
Reply

manja054
Explorer
‎11-09-2015 10:00 PM

Thanks for the reply. Tried like as u said but no luck.

It was working earlier. The service is running under local admin account(Has full rights).

0 Karma
Reply

shamim_iqbal
Engager
‎03-07-2020 11:12 AM

thank you for your help, it work for me. open the CMD in administrator mode then use :: splunk start to start the services.

Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...