kvstore failing to start

New Member

Trying to run splunk in a docker container - which I can successfully get running.


Once I try to add a persistent volume for /splunkhome/var and /splunkhome/etc, the kvstore fails to start.

The persistent volume is being hosted on a NAS (synology diskstation) which is being mounted to my linux host via SMB (cifs) with the local admin of the NAS - so I should have full permissions to the share.

I've been able to observe the following error

"homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem."

are SMB file shares not supposed by splunk?

I can get past this error by adding "OPSIMISTIC_ABOUT_FILE_LOCKING = 1"
to splunk-launch.conf

but then I get stuck with where kvstore failing to start.  kvstore logs indicate it's because the permissions are too open - even though I've changed them to 400.


Any insight from your beautiful minds?

Labels (1)
0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!