

I have installed it and all the pre-requisites are met except it complains that Key Value Store must be enabled. I have read about 10 different articles about how to address this issue. So far, none of them have worked. My most recent finding was that there was a lock file preventing mongodb from starting. I was able to clear the lock, however, the service still does not start. The various errors seem to be related to access denied. The splunkd service runs as the local system account. I am pasting the tail of the most recent attempt below:
2015-08-18T23:23:40.491Z warning: No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile parameter
2015-08-18T23:23:40.913Z [initandlisten] MongoDB starting : pid=3200 port=8191 dbpath=D:\Splunk\var\lib\splunk/kvstore\mongo 64-bit host=SAC-CORP-SPLKH1
2015-08-18T23:23:40.913Z [initandlisten] targetMinOS: Windows 7/Windows Server 2008 R2
2015-08-18T23:23:40.913Z [initandlisten] db version v2.6.7-splunk
2015-08-18T23:23:40.913Z [initandlisten] git version: 7e66fa196686092ee1c184bd3f8fa1fe640c6550
2015-08-18T23:23:40.913Z [initandlisten] OpenSSL version: OpenSSL 1.0.1m-fips 19 Mar 2015
2015-08-18T23:23:40.913Z [initandlisten] build info: windows sys.getwindowsversion(major=6, minor=1, build=7601, platform=2, service_pack='Service Pack 1') BOOST_LIB_VERSION=1_49
2015-08-18T23:23:40.913Z [initandlisten] allocator: system
2015-08-18T23:23:40.913Z [initandlisten] options: { net: { port: 8191, ssl: { PEMKeyFile: "C:\Program Files\Splunk\etc\auth\server.pem", PEMKeyPassword: "<password>", mode: "preferSSL" } }, replication: { oplogSizeMB: 1000 }, security: { keyFile: "D:\Splunk\var\lib\splunk/kvstore\mongo\splunk.key" }, setParameter: { enableLocalhostAuthBypass: "0" }, storage: { dbPath: "D:\Splunk\var\lib\splunk/kvstore\mongo", smallFiles: true }, systemLog: { timeStampFormat: "iso8601-utc" } }
2015-08-18T23:23:40.929Z [initandlisten] exception in initAndListen std::exception: boost::filesystem::directory_iterator::construct: Access is denied: "D:\Splunk\var\lib\splunk/kvstore\mongo/_tmp/", terminating
2015-08-18T23:23:40.929Z [initandlisten] dbexit:
2015-08-18T23:23:40.929Z [initandlisten] shutdown: going to close listening sockets...
2015-08-18T23:23:40.929Z [initandlisten] shutdown: going to flush diaglog...
2015-08-18T23:23:40.929Z [initandlisten] shutdown: going to close sockets...
2015-08-18T23:23:40.929Z [initandlisten] shutdown: waiting for fs preallocator...
2015-08-18T23:23:40.929Z [initandlisten] shutdown: lock for final commit...
2015-08-18T23:23:40.929Z [initandlisten] shutdown: final commit...
2015-08-18T23:23:40.929Z [initandlisten] shutdown: closing all files...
2015-08-18T23:23:40.929Z [initandlisten] closeAllFiles() finished
2015-08-18T23:23:40.929Z [initandlisten] shutdown: removing fs lock...
2015-08-18T23:23:40.929Z [initandlisten] dbexit: really exiting now


Here is what helped resolve this issue.
- Stop the Splunk service.
- Navigate to $SPLUNK_DB\Splunk/kvstore\mongo. In this directory, keep the file splunk.key and remove all other files to a backup location D:\Splunk/kvstore\mongo\
- For both $SPLUNK_HOME (C:\Program Files\Splunk) and $SPLUNK_DB (in my case D:\Splunk\var\lib\splunk/kvstore), changed ownership of the upper level directory and all child directories.
- Restart Splunk and was able to run "Setup the Splunk App for Microsoft Exchange", Prerequisites, and it detected "OK: Key value store is enabled"
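
The steps from the answer above, scripted in PowerShell as an added example that is not part of the original posts. The backup directory name and the choice of NT AUTHORITY\SYSTEM as the new owner are assumptions (the question says splunkd runs as the local system account; the answer does not say which account it used); the other paths are the ones quoted in the thread, with separators normalised.

```powershell
# Added example; run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'   # halt on the first cmdlet failure, before the restart

$SplunkHome = 'C:\Program Files\Splunk'            # $SPLUNK_HOME from the answer
$KvStore    = 'D:\Splunk\var\lib\splunk\kvstore'   # kvstore path from the answer
$MongoDir   = Join-Path $KvStore 'mongo'           # dbpath shown in the mongod log
$BackupDir  = 'D:\Splunk\kvstore-mongo-backup'     # hypothetical backup location
$Owner      = 'NT AUTHORITY\SYSTEM'                # assumption: splunkd runs as Local System

# Step 1: stop Splunk so mongod is not holding files in the store
Stop-Service -Name splunkd

# Record the current owners so the change can be reviewed or reverted later
$before = foreach ($path in $SplunkHome, $KvStore) {
    [pscustomobject]@{ Path = $path; Owner = (Get-Acl -LiteralPath $path).Owner }
}
$before | Format-Table -AutoSize

# Step 2: keep splunk.key in place, move everything else to the backup location
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
Get-ChildItem -LiteralPath $MongoDir -Force |
    Where-Object { $_.Name -ne 'splunk.key' } |
    Move-Item -Destination $BackupDir

# Step 3: set the owner on the top-level directory and all children of both trees
foreach ($path in $SplunkHome, $KvStore) {
    icacls $path /setowner $Owner /T
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $path" }
}

# Step 4: restart Splunk, then re-run the app's prerequisite check
Start-Service -Name splunkd
```

splunk.key is the keyFile mongod authenticates with (see the `security` options in the log above), so it stays in place and should not be copied to a location with looser permissions than the store itself.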


Excellent. This solution worked.
