Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is KV Store initialization failing on one of our add-on to receive logs?

khusain_splunk
Splunk Employee
Splunk Employee
‎04-30-2019 07:18 AM

While setting up one of our add-on to receive logs, we encountered an issue. While reviewing the internal log we found an error (HTTPError: HTTP 503 error Service Unavailable -- KV store initialization failed . This error also shows up every time splunk services are restarted.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

khusain_splunk
Splunk Employee
Splunk Employee
‎04-30-2019 07:23 AM

Hi,

Please check mongod.log under $SPLUNK_HOME/var/log/splunk/, if it says related to SSL certificate, exp:

The provided SSL certificate is expired or not yet valid.
No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile

Then, you need to renew the SSL certificate. If you are using third-party certificate then place the new certificate and restart splunkd. Else, if you are on default certificate, go under $SPLUNK_HOME/etc/auth/ and rename server.pem file and restart the splunk which will generate the new SSL certificate and kv store will be up .

Thanks
Kashif Husain

View solution in original post

Reply
Solved! Jump to solution
Solution

khusain_splunk
Splunk Employee
Splunk Employee
‎04-30-2019 07:23 AM

Hi,

Please check mongod.log under $SPLUNK_HOME/var/log/splunk/, if it says related to SSL certificate, exp:

The provided SSL certificate is expired or not yet valid.
No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile

Then, you need to renew the SSL certificate. If you are using third-party certificate then place the new certificate and restart splunkd. Else, if you are on default certificate, go under $SPLUNK_HOME/etc/auth/ and rename server.pem file and restart the splunk which will generate the new SSL certificate and kv store will be up .

Thanks
Kashif Husain

Reply
Solved! Jump to solution

tsondo
Explorer
‎08-22-2023 03:48 AM

A late follow up to this. Updating the certificate made no difference. I am using a third party certificate and it is current and valid. To "fix" it, I backed up my splunk configs, deleted the drive, reinstalled, and put the configs back again. Now it works. Something about the 8 to 9 upgrade just doesn't work. Reinstalling is easier than finding out what went wrong. Fortunately I only have to go through that once. The 9.x updates have not given me any further trouble.

0 Karma
Reply
Solved! Jump to solution

tsondo
Explorer
‎01-25-2023 11:03 AM

I am having the same issue, with kv store failing to initialize after upgrade from 8.25 to 9.03. I already copied the correct certificates back to etc/auth, and restarted splunkd, but same issue. Which conf file points Splunk to the correct certificate? Maybe it got replaced in the upgrade and I need to edit it?

Reply
Solved! Jump to solution

dodland
Engager
‎04-01-2022 01:24 PM

Saved my bacon on a Friday afternoon, thank you!!!!

0 Karma
Reply
Solved! Jump to solution

splunkreal
Motivator
‎06-07-2021 04:38 AM

Hello,

is this documented in official Splunk docs?

Thanks.

 

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Solved! Jump to solution

Mesa_Splunkr
Loves-to-Learn
‎10-11-2020 02:03 PM

I am having issues setting up a proofpoint TAP app, here is what the log says.

 -0500 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Proofpoint-TAP/bin/proofpoint_tap_siem.py" proofpoint_tap_siem://TAP API: stream_events/HTTP 503 Service Unavailable -- KV Store initialization failed. Please contact your system administrator.

I found this article very helpful; however, my certificate is valid, and does not expire till 7/23/2023. My mongod.log also has the following in it.

W CONTROL  No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile parameter

I am checking the date via GUI when I login to the splunk server. I will research more, wanted to post this to see if you can help. Thanks in advance.

 

 

0 Karma
Reply
Solved! Jump to solution

kcooper
Communicator
‎03-11-2021 03:38 AM

I just replaced my certificate and the data from our Azure accounts started ingesting again but then it stopped again. 

Received same error:  HTTP 503 Service Unavailable -- KV Store initialization failed.

Any idea how to fix this issue if the certificate is still active? 

0 Karma
Reply
Solved! Jump to solution

_smp_
Builder
‎02-20-2020 07:03 PM

This just saved my a$$. Thanks!

Reply
Solved! Jump to solution

ssuluguri
Path Finder
‎06-30-2023 08:43 AM

I was getting same error, but after splunk restarted data started collecting

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...