Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

kvstore failing to start

tinscore
New Member
‎04-24-2021 10:35 PM

Trying to run splunk in a docker container - which I can successfully get running.

however...

Once I try to add a persistent volume for /splunkhome/var and /splunkhome/etc, the kvstore fails to start.

The persistent volume is being hosted on a NAS (synology diskstation) which is being mounted to my linux host via SMB (cifs) with the local admin of the NAS - so I should have full permissions to the share.

I've been able to observe the following error

"homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem."

are SMB file shares not supposed by splunk?

I can get past this error by adding "OPSIMISTIC_ABOUT_FILE_LOCKING = 1"
to splunk-launch.conf

but then I get stuck with where kvstore failing to start.  kvstore logs indicate it's because the permissions are too open - even though I've changed them to 400.

 

Any insight from your beautiful minds?

Labels (1)
Labels
0 Karma
Reply

BartZm
New Member
‎04-16-2025 06:33 AM

You need to unmount "/opt/splunk/var/lib/splunk/kvstore/mongo" folder.

Eg. in docker-compose

volumes:
- "/home/docker_volumes/etc:/opt/splunk/etc"
- "/home/docker_volumes/var:/opt/splunk/var"
- "/opt/splunk/var/lib/splunk/kvstore/mongo"

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...