Splunk Enterprise Security

KVStoreConfigurationProvider: KV Store is not available, status is 'failed'

waddellt
Engager
Installing Splunk Enterprise Security and getting the ERROR: KVStoreConfigurationProvider - KV Store is not available. Its status is 'failed'.
0 Karma

ivanreis
Builder

Hi waddellt, please check this article to troubleshoot the kvstore

https://docs.splunk.com/Documentation/Splunk/8.0.0/Admin/TroubleshootKVstore

Per the article it seems that your failed kvstore message is related to:
failed - Failed to bootstrap and join the search head cluster.

if you are working on a Splunk Enterprise Security search head cluster you can also run a command to resync or if it did not work, clean-up the kvstore for this particular server.
try first :
- Resync kvstore (https://docs.splunk.com/Documentation/Splunk/8.0.0/Admin/ResyncKVstore#Resync_stale_KV_store_members)
- splunk resync kvstore [-source sourceId]

Note: if you are running on a cluster, please manual run a backup on the kvstore from a note that kvstore is working properly, check this procedure here(https://docs.splunk.com/Documentation/Splunk/8.0.0/Admin/BackupKVstore)

Or if you are running on a stand alone instance you can clean the kvstore. Please be carefully, because it will reset all the data into the kvstore and you can lose the data that was there. On the previous link I provided, you have the both commands.

splunk clean kvstore --local

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...