Thank you for feedback, typically I would use chmod o-rwx but the admin on this site asked me to use 755 instead, however since I had nothing to lose I changed it to o-rwx.

This doesn't appear to have had any effect, I restarted splunk and restarted the ES installation. ES is still hanging on the installing applications piece and the same KV Store errors I listed above have appeared in splunkd.log since the restart.

Sorry, correction on this, mongodb should have a 400 permission. I would specifically fix this:

chmod 400 /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key

See if that clears the error.

I would also check out the following Answer as it might help pinpoint if this is indeed your issue, since it is also suggested in there that an upgrade to 6.3 didn't refresh one user's SSL certificates which also was causing an issue with the KVStore:

https://answers.splunk.com/answers/236495/splunk-kv-store-does-not-start.html

400 cleared my kvStoreStatus error. Thank you.

curl -k -s https://localhost:8089/services/server/info | grep kvStore

But yes, I had to have a conversation with our Linux engineer that excessive permissions is not the way to go. It is general all around bad security practices anyway. Depending on the security requirements in your organization this might even be a policy violation since you would have effectively set global read/execute permissions to your collected log data (which is bad). That was why I suggested raking back the global permissions across your install.

Linux, unlike Windows, will get quite upset with you for doing bad permissions.