SSL Installation + KV Store error

chaitali_1994 · ‎03-27-2021

I have a distributed environment where the Splunk instances are clustered and the version I am using is 6.6.3. The server certificates are expired and there is no SSL communication enabled between Splunk servers. I have few queries:

1. How to enable the SSL communication?

2. How expired server certs are going to impact my Splunk environment?

3. How to know from the existing configurations, if there is any SSL communication between Splunk instances?

4. How can I resolve this error:

a. KV store changed its status to failed. KV store process terminated.

b. Failed to start KV store process. See mongod.log and splunkd.log for details.

c. KV store process terminated abnormally(exit code 14, status exited with code 14)

aasabatini · ‎03-29-2021

Hi @chaitali_1994

as for certificates, you should upgrade splunk versions to be able to use unexpired certificates

how to use certificates you can follow this link:

https://docs.splunk.com/Documentation/Splunk/8.1.3/Security/ConfigureSplunkforwardingtousethedefault...

and for your kvstore error I suggest to backup and resync your collection.

https://docs.splunk.com/Documentation/Splunk/8.0.1/Admin/BackupKVstore

karma point or solution confirmation is appreciated

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

SSL Installation + KV Store error

splunkd

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Are you a member of the Splunk Community?

SSL Installation + KV Store error

splunkd

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console