Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

KV Store Errors : KV Store changed status to failed. Failed to start KV Store process. Getting KV store errors without using KV store

Ankitha_d
Path Finder
‎05-02-2018 08:46 PM

I have a standalone Search head catering to Indexer cluster with 2 indexers.
On both SH and IDX, we get KV store initialization failure.And suggestion is to check mongod.log and splunkd.log for errors
But mongod.log and splunkd.log has no specific errors.

And we are not even using kvstore , but still have errors on both SH and Indexers

mongod.log Errors

2018-05-02T11:24:17.028Z I JOURNAL [initandlisten] journal dir=/opt/splunk/var/lib/splunk/kvstore/mongo/journal

2018-05-02T11:24:16.981Z I CONTROL [initandlisten] options: { net: { port: 8191, ssl: { PEMKeyFile: "/opt/splunk/etc/auth/server.pem", PEMKeyPassword: "", allowInvalidHostnames: true,disabledProtocols: "noTLS1_0,noTLS1_1", mode: "preferSSL", sslCipherConfig: "xxx" }, unixDomainSocket: { enabled: false } }, replication: { oplogSizeMB: 200, replSet: "30B62029-B878-4421-B99F-686EA7CC8A8A" }, security: { javascriptEnabled: false, keyFile: "/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key" }, setParameter: { enableLocalhostAuthBypass: "0" }, storage: { dbPath: "/opt/splunk/var/lib/splunk/kvstore/mongo", mmapv1: { smallFiles: true } }, systemLog: { timeStampFormat: "iso8601-utc" } }

2018-05-02T11:24:16.981Z I CONTROL [initandlisten] MongoDB starting : pid=20725 port=8191 dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo 64-bit host=xxxxx

splunkd.log Errors

05-02-2018 11:29:17.341 +0000 ERROR KVStoreBulletinBoardManager - Failed to start KV Store process. See mongod.log and splunkd.log for details.
05-02-2018 11:29:17.341 +0000 ERROR KVStoreBulletinBoardManager - KV Store changed status to failed. Failed to start KV Store process. See mongod.log and splunkd.log for details.
05-02-2018 11:29:17.341 +0000 ERROR KVStoreConfigurationProvider - Could not start mongo instance. Initialization failed.
05-02-2018 11:29:17.341 +0000 ERROR KVStoreConfigurationProvider - Could not get pint from mongod.
05-02-2018 11:24:16.095 +0000 INFO LMTracker - Setting feature=KVStore state=ENABLED (featureStatus=1)

05-03-2018 03:06:06.660 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" splunklib.binding.HTTPError: HTTP 503 Service Unavailable -- KV Store initialization failed. Please contact your system administrator.

Things I have already tried :

1>Have given 600 permission to splunk.key and restarted. All files here have read and write perm,even mongod.lock
2>The certificates are all valid in /etc/auth .Have also deleted server.pem and restarted to generate new server.pem.
3>Stopped the SH and ran splunk clean kvstore --local and restarted , only to find the same error again

Can anyone please help me out with this issue????

Reply
1 Solution
Solved! Jump to solution
Solution

Michael
Contributor
‎03-22-2019 11:09 AM

I solved this by generating new key with:

/opt/splunk/bin/splunk createssl server-cert 3072 -d /opt/splunk/etc/auth/ -n server -c {your domain name}

/opt/splunk/bin/splunk restart

View solution in original post

Reply
Solved! Jump to solution
Solution

Michael
Contributor
‎03-22-2019 11:09 AM

I solved this by generating new key with:

/opt/splunk/bin/splunk createssl server-cert 3072 -d /opt/splunk/etc/auth/ -n server -c {your domain name}

/opt/splunk/bin/splunk restart

Reply
Solved! Jump to solution

charlesh
Loves-to-Learn
‎06-24-2020 04:10 PM

I have ran through everything the same including generating the new key. Still the KV Store will not start and is
failed state.

"warning: No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile parameter"

Do I need go through and redo all the certs because they are not signed?

Any other things worth checking?

Help is much appreciated!!!

0 Karma
Reply
Solved! Jump to solution

alexadao
Observer
‎05-13-2019 10:04 AM

Thank you, That works for me.
/opt/splunk/bin/splunk createssl server-cert 3072 -d /opt/splunk/etc/auth/ -n server -c {your domain name}

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...