Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I receiving errors when attempting to start Splunk in the Windows CLI?

mjscoggins
Explorer
‎04-17-2018 10:57 AM

I was getting connection refused in the browser (localhost:8000/en-US/app/launcher/home). I was able to start splunk in Windows Services, but received the following Access Denied errors when attempting to start the service in the CLI. Any idea why? I was not logged in as a system admin in case that matters.

C:\Program Files\Splunk\bin>splunk start

Splunk> Like an F-18, bro.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
ERROR - Failed opening "C:\Program Files\Splunk\var\log\splunk\splunkd-utility.log": Access is denied.
Checking configuration... Done.
Failed to open splunk.secret 'C:\Program Files\Splunk\etc\auth\splunk.secret' file. Some passwords will not work. errno=Access is denied.
Unable to read 'C:\Program Files\Splunk\etc\auth\splunk.secret' file.
Checking critical directories... Done
ERROR - Failed opening "C:\Program Files\Splunk\var\log\splunk\splunkd-utility.log": Access is denied.
Checking indexes...
homePath='C:\Program Files\Splunk\var\lib\splunk\audit\db' of index=_audit on unusable filesystem.
Validating databases (splunkd validatedb) failed with code '1'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at splunk.com/page/submit_issue
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

elliotproebstel
Champion
‎04-17-2018 06:55 PM

So that you can close this out, I'll post this as an answer:

That very much reads like a permissions problem. Try running Splunk as an admin-level user. That should give you permissions to read and write the appropriate files.

View solution in original post

Reply
Solved! Jump to solution
Solution

elliotproebstel
Champion
‎04-17-2018 06:55 PM

So that you can close this out, I'll post this as an answer:

That very much reads like a permissions problem. Try running Splunk as an admin-level user. That should give you permissions to read and write the appropriate files.

Reply
Solved! Jump to solution

elliotproebstel
Champion
‎04-17-2018 11:08 AM

That very much reads like a permissions problem. Using the account from which you tried to start Splunk, can you access those files?

C:\Program Files\Splunk\var\log\splunk\splunkd-utility.log
C:\Program Files\Splunk\etc\auth\splunk.secret
Reply
Solved! Jump to solution

ssadanala1
Contributor
‎04-17-2018 03:54 PM

try setting this

$SPLUNK_HOME/etc/splunk-launch.conf:
OPTIMISTIC_ABOUT_FILE_LOCKING = 1

This error should encounter when installing splunk on mac0s
https://answers.splunk.com/answers/600702/problem-installing-splunk-enterprise-on-macos-1013-1.html

0 Karma
Reply
Solved! Jump to solution

mjscoggins
Explorer
‎04-17-2018 01:19 PM

I can open the first, but receive access denied on the second when running the CLI with a non-admin account. Ran as Admin and was able to open both. Newbie B-P

Thanks!

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎04-17-2018 01:42 PM

When restarting splunk from CLI, did you open the Command prompt as Administrator?

0 Karma
Reply
Solved! Jump to solution

mjscoggins
Explorer
‎04-17-2018 04:38 PM

Not at first, but that was the problem. Ran Command prompt as Administrator and no more errors received.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

The Splunk Community Dashboard Challenge is still happening, and it's not too late to enter for the week of ...

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...