All Apps and Add-ons

"Key value store must be enabled" prompted during Splunk App for Windows Infrastructure setup -- Why?

ananthan123
Explorer

Hello,

I have installed Splunk App for Windows Infrastructure, but when I run setup I am getting this error message:

Splunk v6.2.0+
OK: Splunk v6.3.3 detected
Key value store must be enabled. Please enable it. Learn more.

From which server it is throwing this error message? There are few Windows servers. How do I fix it ?

0 Karma

gordo32
Communicator

I ran into this on Linux, and it was because the server wasn't configured to be a slave to an Splunk Enterprise license master. Added the following stanza to server.conf

[license]
master_uri: = https://license-server:8089

After restarting Splunk, KVStore is up and running again. A couple other side-effects is that the "Map groups" action disappears under LDAP Settings (presumably, the mapping uses kv store / mongodb to store the role -> group mappings).

Another option would be to install an Enterprise license locally on the server, but since this is a search head only, that doesn't make a lot of sense.

0 Karma

ananthan123
Explorer

Thank you very much. Do I need to go on all the Windows Servers and need to change the permission?

0 Karma

alemarzu
Motivator

Only those that present the kvstore error.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

There are several previous Answers postings that talk about how to troubleshoot this issue. It could be a permissions and/or cert issue. See https://answers.splunk.com/answers/338872/splunk-app-for-windows-infrastructure-how-to-troub.html for one discussion, and links to others.

nwieseler
Path Finder

I downvoted this post because 404 on the link

0 Karma

ChrisG
Splunk Employee
Splunk Employee

@nwieseler: I just checked the link and it worked for me. Can you try again in an incognito tab?

0 Karma

nwieseler
Path Finder

Just tried on mobile and nothing? Not a big deal.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Got it, the post is restored now and you should be able to see it.

0 Karma

nwieseler
Path Finder

And now I can't cancel my vote after one day... Sorry man.

0 Karma

alemarzu
Motivator

Hello @ananthan123,

The host that it is reporting it, is probably the one were you are trying to install Windows Infrastructure app. This apps needs kvstore to work properly if I'm not mistaken.

First, just to be sure wich host is reporting that error:

  • index=_internal (sourcetype=mongod OR sourcetype=splunkd) log_level!=INFO KV store

This could probably a permission issues, so do this.

  1. Go to $SPLUNK_HOME\var\lib\splunk\kvstore
  2. Change the permissions recursively to mongo folder to the accound that is running Splunk.
  3. Restart Splunk.

Hope it helps.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...