Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to solve problem with kv store after upgrading to Splunk enterprise version9?

benedict
Observer
‎09-26-2022 02:29 PM

I recently upgraded our splunk enterprise to version9.0.1 but I do have problems with the kvstore. Any ideas on how to deal with this please?

Labels (3)
0 Karma
Reply

benedict
Observer
‎09-27-2022 06:40 AM

Hi @chaker,

Firstly I did an upgrade from version 8.2 to 9.0.1 in a non-prod environment which I had to migrate the kvstore storage to wiredTiger. Now the plan was to push this upgrade to my prod environment but since the prod environment still has the old DB (kv-store), it could overwrite the data and could lead to data loss in the prod environment. so this is my major problem. 

0 Karma
Reply

chaker
Contributor
‎09-27-2022 05:12 PM

Hi @benedict 

Follow this document to backup the KVStore.

https://docs.splunk.com/Documentation/Splunk/9.0.1/Admin/BackupKVstore

Here is the upgrade document for KV store for V8.0. Change version to match your exact point release.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎09-27-2022 09:22 AM

Hi

what you are meaning with “push to production”?

The normal way is just upgrade first mongodb to WiredTiger and after that to do a splunk upgrade to 9.0.1. That will convert data to the newer version and not overwrite it.

r. Ismo

0 Karma
Reply

chaker
Contributor
‎09-26-2022 06:55 PM

Hi @benedict 

Can you describe the exact problem you are having? V9 does make some upgrades to the KV Store, you may need to upgrade the storage engine to "WiredTiger"

https://docs.splunk.com/Documentation/Splunk/9.0.1/ReleaseNotes/MeetSplunk

To take advantage of the most up-to-date KV Store in this latest release, Splunk Enterprise 9.0 comes with a set of tools to guide the upgrade of your KV store server version to v4.2, as well as the migration of your KV Store storage engine. These updates are required in Splunk Enterprise 9.0. See Migrate the KV store storage engine in the Admin manual to plan your migration.

http://docs.splunk.com/Documentation/Splunk/9.0.1/Admin/MigrateKVstore

 

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...