I have a distributed environment where the Splunk instances are clustered and the version I am using is 6.6.3. The server certificates are expired and there is no SSL communication enabled between Splunk servers. I have a few queries:
1. How to enable the SSL communication?
2. How are expired server certs going to impact my Splunk environment?
3. How to know from the existing configurations, if there is any SSL communication between Splunk instances?
4. How can I resolve this error:
a. KV store changed its status to failed. KV store process terminated.
b. Failed to start KV store process. See mongod.log and splunkd.log for details.
c. KV store process terminated abnormally (exit code 14, status exited with code 14)
As for certificates, you should upgrade Splunk versions to be able to use unexpired certificates.
For how to use certificates, you can follow this link:
And for your KV store error, I suggest backing up and resyncing your collection.
https://docs.splunk.com/Documentation/Splunk/8.0.1/Admin/BackupKVstore
Karma point or solution confirmation is appreciated.