Splunk Enterprise Security

KV Store initialization failed. Please contact your system administrator

krvamsireddy
Explorer

KV Store initialization failed. Please contact your system administrator

Unable to initialize modular input "microsoft_graph_security" defined in the app "TA-microsoft-graph-security-add-on-for-splunk": Unable to locate suitable script for introspection..

Tags (1)
0 Karma

anilchaithu
Builder

@krvamsireddy 

From the logs it is clear that the cert was expired and you need to generate a new server cert.

  • Check the validity of the cert using below command. This should give you the end data of the cert
openssl x509 -noout -enddate -in /opt/splunk/etc/auth/server.pem
  • To generate a new ssl cert

 

/opt/splunk/bin/splunk createssl server-cert 3072 -d /opt/splunk/etc/auth -n server -c <FQDN>

 

  • Restart splunk
  • check kvstore status

 

/opt/splunk/bin/splunk show kvstore-status

 

 

-- Hope this Helps

krvamsireddy
Explorer

net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.

 2020-11-23T06:21:24.238Z F NETWORK  [main] The provided SSL certificate is expired or not yet valid.

 2020-11-23T06:21:24.238Z F -        [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 1120

 2020-11-23T06:21:24.238Z F -        [main]

 ***aborting after fassert() failure

 2020-11-23T13:44:48.109Z W CONTROL  [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.

 2020-11-23T13:44:48.122Z F NETWORK  [main] The provided SSL certificate is expired or not yet valid.

 2020-11-23T13:44:48.122Z F -        [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 1120

 

0 Karma
Get Updates on the Splunk Community!

Set Up More Secure Configurations in Splunk Enterprise With Config Assist

This blog post is part 3 of 4 of a series on Splunk Assist. Click the links below to see the other ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...