Knowledge Management

When using splunk backup kvstore command, is the completion status logged, specifically in the case of an error/failure?

andysm
Engager

I'm looking to capture any failures of a kvstore backup that is kicked off from a script.

Tags (1)

codebuilder
Influencer

There are several ways that you can tackle this.

Capture output from the Splunk command:

./splunk show kvstore-status

Use the REST API:

curl -k -u user:pass https://<host>:<mPort>/services/kvstore/status
curl -k -u user:pass https://<host>:<mPort>/services/messages

Errors and warnings are logged to both splunkd.log and mongod.log

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

pedromunoz
Engager

I had the same question.
We found the following event in the internal logs of the Search Head were the kvstore backup was run:

127.0.0.1 - admin [03/Feb/2020:17:15:44.925 -0500] "POST /services/kvstore/backup/create HTTP/1.1" 200 1747 - - - 0ms

Otherwise we have yet to determine a reliable way to identify the status of a kvstore backup job from internal/introspection logs.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...