Splunk Enterprise

KV store initiation failure-what log is the most relevant for this kind of error?

Quantum
Explorer

KV store initiation failure. I have got this error that says: "error in input lookup command external command-based lookup es notable events is not available because KV store initialization has failed contact your system administrator."

What log is the most relevant for this kind of error? Would it be the mongodb log, and look for a lock? Is that a good route to go?

I am a pretty good engineer but new to Splunk and definitely could use some guidance on just about everything Splunk related.

 

0 Karma

Quantum
Explorer

05-30-2023 16:58:19.978 -0400 ERROR ExecProcessor [4245 ExecProcessor] - message from "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/dbxquery.sh" Exception in thread "main" java.lang.ExceptionInInitializerError
05-30-2023 16:58:19.978 -0400 ERROR ExecProcessor [4245 ExecProcessor] - message from "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/dbxquery.sh" at com.splunk.dbx.splunkclient.SplunkServiceBuilder.<clinit>(SplunkServiceBuilder.java:19)

 

 

/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/dbxquery.sh"

0 Karma

Quantum
Explorer

2021-05-29T18:15:03.594Z I CONTROL [initandlisten] ** WARNING: No SSL certificate validation can be performed since no CA file has been provided
2021-05-29T18:15:03.594Z I CONTROL [initandlisten] ** Please specify an sslCAFile parameter.

 

Thanks for the reply. What do you think, is this the problem? It seems to be that the Mongo database that is the Key Value Store does not have a valid certificate and cannot access the application.

 

0 Karma

isoutamo
SplunkTrust

Quite probably this was the reason. I suppose that you have already found how to fix it? If you are using Splunk's own certs, then this describes how to fix it: https://community.splunk.com/t5/Security/How-do-I-renew-an-expired-Splunk-Certificate/m-p/389701. If you have your own / public certs, then do the renewal process as normal.

If you have changed to a CA other than Splunk's, then check in the conf files that the CA etc. files point to the correct places. There are a couple of settings, and some use different attributes for the same thing.

0 Karma

Quantum
Explorer

Yeah, it looks like it might be an expired certificate. I am definitely getting that in the Mongo log.

0 Karma

isoutamo
SplunkTrust

Hi

You should look at both mongodb.log and splunkd.log. You could search those from the _internal index with sourcetype mongod or splunkd, with host=<your host> source=*/<log file name>. Or look at those in the files under /opt/splunk/var/log/splunk/….
r. Ismo
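
The triage described in this thread, as an added example that is not part of any post and not Splunk's own tooling: it reads lines in the two log shapes quoted above (splunkd and mongod), keeps errors and warnings, and lists certificate/TLS-related lines first. The `triage` function, the keyword heuristic and the last two sample lines are assumptions constructed for illustration.

```python
import re

# Line shapes follow the splunkd.log and mongod.log excerpts quoted in this thread.
SPLUNKD = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4}) "
    r"(?P<level>[A-Z]+)\s+(?P<component>\S+) (?P<msg>.*)$")
MONGOD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+(?:Z|[+-]\d{4})) "
    r"(?P<level>[FEWID])\s+(?P<component>\S+)\s+\[[^\]]+\] (?P<msg>.*)$")
# Assumption: a keyword heuristic for TLS/certificate trouble, not a Splunk rule.
TLS_HINT = re.compile(r"ssl|tls|certificate|expired", re.IGNORECASE)
BAD_LEVELS = {"ERROR", "FATAL", "WARN", "E", "F", "W"}


def triage(lines):
    """Return problem lines from mixed splunkd/mongod logs, TLS-related first
    (stable sort, so the original order is kept within each group)."""
    hits = []
    for raw in lines:
        line = raw.strip()
        for source, pattern in (("splunkd", SPLUNKD), ("mongod", MONGOD)):
            m = pattern.match(line)
            if not m:
                continue
            tls = bool(TLS_HINT.search(m["msg"]))
            # mongod logs startup warnings at severity I, so check the text too.
            if m["level"] in BAD_LEVELS or "WARNING" in m["msg"] or tls:
                hits.append(dict(source=source, ts=m["ts"], level=m["level"],
                                 component=m["component"], tls=tls, msg=m["msg"]))
            break
    return sorted(hits, key=lambda h: not h["tls"])


SAMPLE = [
    # The first three lines are quoted from the thread.
    '05-30-2023 16:58:19.978 -0400 ERROR ExecProcessor [4245 ExecProcessor] - '
    'message from "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/'
    'dbxquery.sh" Exception in thread "main" java.lang.ExceptionInInitializerError',
    "2021-05-29T18:15:03.594Z I CONTROL [initandlisten] ** WARNING: No SSL "
    "certificate validation can be performed since no CA file has been provided",
    "2021-05-29T18:15:03.594Z I CONTROL [initandlisten] ** Please specify an "
    "sslCAFile parameter.",
    # Constructed lines (not from the thread): routine INFO noise, expired cert.
    "05-30-2023 16:58:20.101 -0400 INFO  Metrics - group=thruput, name=index_thruput",
    "2021-05-29T18:15:04.010Z E NETWORK [main] certificate is expired (constructed)",
]

if __name__ == "__main__":
    for h in triage(SAMPLE):
        print(("TLS  " if h["tls"] else "OTHER"), h["source"], h["ts"], h["msg"][:90])
```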
