Installation

Splunk installer unable to start Splunk Services/unable to install

m_martinson
New Member

I've read through numerous of the Splunk questions/answers re: splunk installer unable to blah blah blah but haven't found the right answer that works for me. I am trying to install Splunk to a brand new VM. I'm trying to install it to the E: drive (another partition) instead of the usual C: drive as E: has 100 GB of storage. In addition, I am using the local user for the install. I'm logged in as Administrator and have ensured that E: drive has all the permissions I need. However, I continue to get the error: splunk installer unable to start splunk services... exitcode=2. I've tried running the installer as Admin and continue to get the same issues.

In addition, I notice that even though I get this unable to start splunk services error, I see Splunk in my startup menu and I see splunkd and splunkweb under services. But each of them says AUTOMATIC and if I try and start the services, it gives me an error. I even tried via command line... nothing.

I've tried many of the other recommendations: cleared out registry, checked permissions, tried using command line, etc. Nothing seems to work. Would love any further suggestions.

Labels (1)
Tags (3)
0 Karma
1 Solution

lukejadamec
Super Champion

Open the splunkd service and check the Log On tab. Is the service running as the local system or a user?

If your are running as a user, then review this from the Installation Manual:

Important: If you choose to run Splunk as another user, that user must:

•Be a member of an Active Directory domain (you cannot install Splunk as a local machine account other than the Local System account)

•Have local administrator privileges on the machine which you are performing the installation, and

•Have specific user rights, and other additional permissions, depending on the kinds of data you want to collect from remote machines.

View solution in original post

0 Karma

mwhooo
Engager

Don't forget to stick the domainname and username into the field.
Like = home\s-splunk

This worked for me, was not able to install under domain account until I added the domain before the username, hope this is helpful.

jneighbors_splu
Splunk Employee
Splunk Employee

Great Advice! specifying the domain or using the UPN was able to successfully complete the install.

0 Karma

Shack
Explorer

The only way I have been able to successfully install Splunk Enterprise on Windows and have the services start (splunk-6.1.3-220630-x64-release) is to NOT change the default installation location. I tried many variations (local user, AD user, fresh Windows Server 2008 R2, fully patched Windows Server 2008 R2, AD joined, non-AD joined, etc.) until I finally just used defaults (Next > Next > Next > Finish) and found success. I then created a new Windows Server 2008 R2 Standard instance, added it to the AD domain, added a splunk service user to the local administrators group, and then installed Splunk Enterprise successfully using defaults except for the AD user.

0 Karma

lukejadamec
Super Champion

Open the splunkd service and check the Log On tab. Is the service running as the local system or a user?

If your are running as a user, then review this from the Installation Manual:

Important: If you choose to run Splunk as another user, that user must:

•Be a member of an Active Directory domain (you cannot install Splunk as a local machine account other than the Local System account)

•Have local administrator privileges on the machine which you are performing the installation, and

•Have specific user rights, and other additional permissions, depending on the kinds of data you want to collect from remote machines.

0 Karma

halr9000
Motivator

Marking as accepted answer based on input from another customer whose issue was resolved.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...