Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- Why is permission denied when restarting Splunk?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is permission denied when restarting Splunk?
When we try to restart the splunk it says its getting permission denied on these two files:/etc/sysconfig/init: Permission denied and etc/rc.d/init.d/functions.
Both of these files are owned by root and Splunk is running as user, but I have another server who have same owned by root and Splunk running as user is working fine but don't know why its creating issues on this server?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
you have top stop splunk first. If you started it with root permissions, you have to stop it as "root".
Change owner of /opt/splunk directory to you splunkuser (chown -R splunkuser:splunkgroup /opt/splunk)
Please replace my splunkuser example with the username and the group you did choose to run splunk in you environment.
After you did this, you should try to start is as splunkuser. Afterwards you can set the boot-start by doing the command @klischatb named: /opt/splunk/bin/splunk enable boot-start -user splunkunser
Hope this helps. Please let us know.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
on the first time you start splunk, you want to start it as splunkuser (not as root).
When you want to enable boot-start you should use this command : ./splunk enable boot-start -user splunkunser
If your environment is fresh, just reinstall splunk and try this way.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is this problem resolved? I am running into the same issue here.,Is this issue resolved? I am having the same problem here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What command are you using to start Splunk?
An upvote would be appreciated and Accept Solution if it helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i am using ./splunk start on bin folder.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
May 2026 Splunk Expert Sessions: Security & Observability
Network to App: Observability Unlocked [May & June Series]
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
