Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Failed to start KV Store process. See mongod.log and splunkd.log for details - Windows machine

madhufuture
New Member
‎09-26-2018 05:28 PM

I'm running into this issue consistently when ever I change the logon details of "Splunkd Service" to a domain account. When the service is running on Local System account, "Splunk DB Connect" is fine.

I'm on Windows machine.

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎09-27-2018 07:22 AM

Hi @madhufuture,
Try starting Splunk with Administrator permission. If that does not work then try removing below file,

chmod -R 400 $SPLUNK_HOME/var/lib/splunk/kvstore/mongo/mongod.lock

Restart the Splunk, now hopefully kvstore will start.

0 Karma
Reply

madhufuture
New Member
‎09-27-2018 08:52 AM

I'm not getting the error messages after deleting the mongod.lock and restarting the splunk service. But now I'm getting "DBX Server is not available, please make sure it is started and listening on 9998 " error when I'm trying to configure a new connection in Splunk DB Connect.

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎09-27-2018 09:08 PM

Looks like firewall issue, check for port 9998 should be open from both the side, Splunk and DBX side. Port 9998 should be publicly open. Try this!
Make sure you have configured Splunk DB Connect correctly - http://docs.splunk.com/Documentation/DBX/3.1.3/DeployDBX/ConfigureDBConnectsettings

0 Karma
Reply

madhufuture
New Member
‎09-28-2018 05:30 AM

Ok, What do you mean by DBX side? I have installed both Splunk Enterprise and Splunk DB Connect on the same server. And I'm trying to connect to a remote SQL Server. I have opened port 9998 on the
Splunk server.
Then when I'm trying to create a new connection, I am getting this error.

0 Karma
Reply

deepashri_123
Motivator
‎09-27-2018 12:37 AM

Hey@madhufuture,

Please search the internal logs for exact errors that can help you troubleshoot.
Run the following query:
index=_internal log_level=ERROR

Let me know if this helps!!

0 Karma
Reply

madhufuture
New Member
‎09-27-2018 05:42 AM

Hi @deepashri_123 Thanks for your response.
I have checked the logs based on the search query which you provided. I see the following error

KVStoreConfigurationProvider - Could not get ping from mongod.
KVStoreConfigurationProvider - Could not start mongo instance. Initialization failed.

Could you please let me know how I can fix this issue.

0 Karma
Reply

deepashri_123
Motivator
‎09-27-2018 09:38 PM

Hey@madhufuture,

Could you check this answer, seems like certificate issue:
https://answers.splunk.com/answers/314499/after-upgrading-to-splunk-630-why-am-i-getting-the.html
Let me know if this helps!!

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...