TailingProcessor - Insufficient permissions to rea...

iliec · ‎03-15-2011

Hi,

I've set the splunkd service account to a domain account that has local administrator rights on both the splunk server machine and the client from where i need to access the file share. I've also checked that the user has full control on the shared folder (Share and NTFS permissions) however i'm still getting : TailingProcessor - Insufficient permissions to read file (hint: Access is denied.) when splunk tries to read those files.

The splunk server is on Windows 2003 Machine (x86) while the file share is located on a Windows Server 2008 R2 machine (x64). I'm using version Splunk 4.1.7.

Let me know if you have any ideas on why splunk isn't reading data from the log files in the fileshare.

Regards, Cosmin

gkanapathy · ‎03-15-2011

Are you using drive letter mappings or a UNC path? Have you logged in as the Splunk account on the Splunk server machine and tested to see if you can open the file?

MarioM · ‎03-15-2011

Could it be locked by another process(you could check with Process Explorer)? or denied by antivirus(you could test excluding Splunk folder in your AV configuration)?

TailingProcessor - Insufficient permissions to read file (hint: Access is denied.).

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation