Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ERROR BTreeCP ~~~~ \snapshot.old: Access is denied. error

cjsweeney1
Explorer
‎08-07-2017 10:46 AM

Getting this error on a few systems...

08-28-2016 22:03:18.924 -0400 ERROR BTreeCP  - failed: failed to rename C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot to C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot.old: Access is denied.

Anyone know what file and setting I should be looking at for the fix? It seems like a authentication.conf (I'm setup for LDAP authentication) setting reference and just wanted an opinion. Thanks.

Reply

ololdach
Builder
‎03-19-2020 08:49 AM

Hello,

could it be that you are running the forwarder as a non-privileged user? If so, you could change the ownership of the splunkhome\var directory tree to the splunk user.

Oliver

0 Karma
Reply

camigirl4k3
Engager
‎03-19-2020 08:32 AM

I have the same issue with my account. I'm trying to change the authentication.conf file to include some group mappings and it says I can't save. I am administrator on this machine...so is it because the service is still running?

0 Karma
Reply

vr2312
Builder
‎04-20-2018 02:34 AM

Hello @cjsweeney1

It seems the account Splunk is being run in the Windows Server does not have the admin privileges to remove the snapshot,old file from the location.

Once the privileges are updated, Splunk would have permission to edit the file and rename it to what is required.

We had this addressed by ensuring the permissions splunk is using in the host are updated.

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...