Hi, For which user does the installer and service work? It looks like the user does not have file permissions. The installer attempts to run the SPLUNK process after installation. If the Splunk process does not start running, the installer makes the assumption that the installation failed then the installer rolls back the installation and removes the Splunk Enterprise instance. If you use domain user or MSA then this account does not have NTFS permissions for Splunk Enterprise installation directory. After installation, you need explicitly assign NTFS permissions from that directory and all subdirectories for the MSA account. However, you cannot do this during installation if you run the msi file directly, and as a result you will get the error that is mentioned above. Solution: Install Splunk from the command line and use the LAUNCHSPLUNK=0 flag to keep Splunk Enterprise from starting after installation has completed. For example : PS C:\temp> msiexec.exe /i splunk-9.0.4-de405f4a7979-x64-release.msi LAUNCHSPLUNK=0 You can complete the installation, and before running SPLUNK, you need to grant the user "Full Control" permissions to the Splunk Enterprise installation directory and all of its subdirectories.
... View more