Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

KV Store process terminated abnormally (exit code 14, status exited with code 14). See mongod.log and splunkd.log for de

rayar
Contributor
‎12-01-2021 07:15 AM

Hi

I am getting 

KV Store process terminated abnormally (exit code 14, status exited with code 14). See mongod.log and splunkd.log for details.

 

I have stopped splunk and moved mongod folder and started it again 

I am getting now 

2021-12-01T13:55:55.528Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2021-12-01T13:55:55.545Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2021-12-01T13:55:55.545Z F - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 1120
2021-12-01T13:55:55.545Z F - [main]
***aborting after fassert() failure

and I want to regenerate server.pem

 

just to confirm this is the right command 

$SPLUNK_HOME/bin/splunk createssl

what are the risks   ?

 

Labels (1)
Labels
0 Karma
Reply

rayar
Contributor
‎12-01-2021 09:17 AM

I tried but it fails and I am getting 

 

12-01-2021 19:06:26.395 +0200 WARN ConfigEncryptor - Invalid setting for server.conf/[general]/legacyCiphers
12-01-2021 19:06:26.395 +0200 ERROR ConfigEncryptor - server.conf/[general]/legacyCiphers is misconfigured.
12-01-2021 19:06:26.400 +0200 WARN ConfigEncryptor - Invalid setting for server.conf/[general]/legacyCiphers
12-01-2021 19:06:26.400 +0200 ERROR ConfigEncryptor - server.conf/[general]/legacyCiphers is misconfigured.
12-01-2021 19:06:26.400 +0200 WARN ConfigEncryptor - Invalid setting for server.conf/[general]/legacyCiphers
12-01-2021 19:06:26.400 +0200 ERROR ConfigEncryptor - server.conf/[general]/legacyCiphers is misconfigured.
12-01-2021 19:06:26.400 +0200 INFO ServerConfig - No '' certificate found. Splunkd communication will not work without this. If this is a fresh installation, this should be OK.

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-01-2021 11:12 PM
After that restart splunk should create a new certificate. Can you validate it now with splunk cmd openssl command?
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-01-2021 07:29 AM
Here is an old post for this https://community.splunk.com/t5/Knowledge-Management/Can-you-help-me-with-the-following-mongod-kvsto...
0 Karma
Reply

rayar
Contributor
‎12-01-2021 07:35 AM

I have removed the server.pem and restarted the Splunk server and it didn't work

was not able to login Splunk 

this is the reason I wanted to renew the server.pem manually 

[splunk@ilissplsh01 bin]$ openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem
notAfter=Nov 17 08:28:40 2021 GMT
[splunk@ilissplsh01 bin]$

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-01-2021 08:36 AM
Can you restore the mongod folder back to it’s original place and then try restart again without cert?
0 Karma
Reply

rayar
Contributor
‎12-04-2021 10:06 PM

I have resolved it working with Splunk support , some server.conf configuration was missing 

we are still investigating 

0 Karma
Reply

Muwafi
Path Finder
‎06-11-2022 07:19 PM

Hello @rayar  , have you solved this issue ? if so, would you please update us and post the solution here?

 

Thanks 

0 Karma
Reply

rayar
Contributor
‎06-12-2022 01:44 AM

sorry its a very old issue I don't remember what was the solution 

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...