Splunk Enterprise Security

What steps must I do to resolve KVStore status Failed?

Spinner79
Explorer

Hi all,

need some help. my SH2 kvstore is always showing "Status: Failed" despite me reinstalling entire Splunk Enterprise 

Below mentioned steps done but still no luck:

- Rebuild Splunk Enterprise

- Recreated Self sign Cert

- removed and rebuild Mongo 

- revert back to Splunk default Self Sign cert Kvstore shows Ready but not on created self sign cert.

 

Labels (1)
Tags (2)
0 Karma

woodcock
Esteemed Legend

Stop Splunk, remove $SPLUNK_HOME/*, reinstall Splunk, start Splunk.

Tags (1)
0 Karma

tscroggins
Influencer

Hi,

Have you added your self-signed certificate to $SPLUNK_HOME/etc/auth/cacert.pem?

What errors (E) or warnings (W) are logged to $SPLUNK_HOME/var/log/splunk/mongod.log just before mongod shuts down?

0 Karma

Spinner79
Explorer

Hi

Today i tried reinstalling everything on to the similar server with fresh OS reinstalled still the same.

I have 2 SH my SH1 do not have this problem only my SH2 have this issue and both configured the same way.

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...