Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

TailingProcessor - Insufficient permissions to read file (hint: Access is denied.).

iliec
New Member
‎03-15-2011 11:49 AM

Hi,

I've set the splunkd service account to a domain account that has local administrator rights on both the splunk server machine and the client from where i need to access the file share. I've also checked that the user has full control on the shared folder (Share and NTFS permissions) however i'm still getting : TailingProcessor - Insufficient permissions to read file (hint: Access is denied.) when splunk tries to read those files.

The splunk server is on Windows 2003 Machine (x86) while the file share is located on a Windows Server 2008 R2 machine (x64). I'm using version Splunk 4.1.7.

Let me know if you have any ideas on why splunk isn't reading data from the log files in the fileshare.

Regards, Cosmin

Tags (1)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎03-15-2011 03:03 PM

Are you using drive letter mappings or a UNC path? Have you logged in as the Splunk account on the Splunk server machine and tested to see if you can open the file?

0 Karma
Reply

MarioM
Motivator
‎03-15-2011 12:08 PM

Could it be locked by another process(you could check with Process Explorer)? or denied by antivirus(you could test excluding Splunk folder in your AV configuration)?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...