Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to solve problem with kv store after upgrading to Splunk enterprise version9?

benedict
Observer
‎09-26-2022 02:29 PM

I recently upgraded our splunk enterprise to version9.0.1 but I do have problems with the kvstore. Any ideas on how to deal with this please?

Labels (3)
0 Karma
Reply

benedict
Observer
‎09-27-2022 06:40 AM

Hi @chaker,

Firstly I did an upgrade from version 8.2 to 9.0.1 in a non-prod environment which I had to migrate the kvstore storage to wiredTiger. Now the plan was to push this upgrade to my prod environment but since the prod environment still has the old DB (kv-store), it could overwrite the data and could lead to data loss in the prod environment. so this is my major problem. 

0 Karma
Reply

chaker
Contributor
‎09-27-2022 05:12 PM

Hi @benedict 

Follow this document to backup the KVStore.

https://docs.splunk.com/Documentation/Splunk/9.0.1/Admin/BackupKVstore

Here is the upgrade document for KV store for V8.0. Change version to match your exact point release.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎09-27-2022 09:22 AM

Hi

what you are meaning with “push to production”?

The normal way is just upgrade first mongodb to WiredTiger and after that to do a splunk upgrade to 9.0.1. That will convert data to the newer version and not overwrite it.

r. Ismo

0 Karma
Reply

chaker
Contributor
‎09-26-2022 06:55 PM

Hi @benedict 

Can you describe the exact problem you are having? V9 does make some upgrades to the KV Store, you may need to upgrade the storage engine to "WiredTiger"

https://docs.splunk.com/Documentation/Splunk/9.0.1/ReleaseNotes/MeetSplunk

To take advantage of the most up-to-date KV Store in this latest release, Splunk Enterprise 9.0 comes with a set of tools to guide the upgrade of your KV store server version to v4.2, as well as the migration of your KV Store storage engine. These updates are required in Splunk Enterprise 9.0. See Migrate the KV store storage engine in the Admin manual to plan your migration.

http://docs.splunk.com/Documentation/Splunk/9.0.1/Admin/MigrateKVstore

 

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...