Splunk Enterprise Security

KVStoreConfigurationProvider: KV Store is not available, status is 'failed'

waddellt
Engager
Installing Splunk Enterprise Security and getting the ERROR: KVStoreConfigurationProvider - KV Store is not available. Its status is 'failed'.
0 Karma

ivanreis
Builder

Hi waddellt, please check this article to troubleshoot the kvstore

https://docs.splunk.com/Documentation/Splunk/8.0.0/Admin/TroubleshootKVstore

Per the article it seems that your failed kvstore message is related to:
failed - Failed to bootstrap and join the search head cluster.

if you are working on a Splunk Enterprise Security search head cluster you can also run a command to resync or if it did not work, clean-up the kvstore for this particular server.
try first :
- Resync kvstore (https://docs.splunk.com/Documentation/Splunk/8.0.0/Admin/ResyncKVstore#Resync_stale_KV_store_members)
- splunk resync kvstore [-source sourceId]

Note: if you are running on a cluster, please manual run a backup on the kvstore from a note that kvstore is working properly, check this procedure here(https://docs.splunk.com/Documentation/Splunk/8.0.0/Admin/BackupKVstore)

Or if you are running on a stand alone instance you can clean the kvstore. Please be carefully, because it will reset all the data into the kvstore and you can lose the data that was there. On the previous link I provided, you have the both commands.

splunk clean kvstore --local

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...