Solved: Re: having hundreds of sqlitePersistentStorageImp ...

univofmem · ‎04-01-2016

04-01-2016 06:55:15.159 -0500 ERROR SQLitePersistentStorageImpl - Error processing enumerate: database disk image is malformed
04-01-2016 06:55:16.538 -0500 ERROR FSChangeMonitor - Exception thrown in update(2) - continuing

This happened after server crashed due to raid card error

rmorlen_splunk · ‎04-15-2016

To correct this, browse to /opt/splunk/var/lib/splunk/persistentstorage/fschangemanager_state/ and in that directory, there is also a file called "fschangemanager_state". Rename that file or move it to a temporary location and then restart Splunk.

View solution in original post

rmorlen_splunk · ‎04-15-2016

To correct this, browse to /opt/splunk/var/lib/splunk/persistentstorage/fschangemanager_state/ and in that directory, there is also a file called "fschangemanager_state". Rename that file or move it to a temporary location and then restart Splunk.

univofmem · ‎04-15-2016

Thanks..Fixed it.

brent_weaver · ‎06-14-2017

I am seeing this error on a system with a UF, does this process need to be done on the UF or the splunk server. If splunk server, which server in a distributed env?

rmorlen_splunk · ‎06-14-2017

This would be on the server running the UF since it is doing the monitoring.

having hundreds of sqlitePersistentStorageImp errors in splunkd logs

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform