Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

KV store termination issue frequently

uagraw01
Motivator
‎02-10-2025 08:31 AM

Dear Splunkers!!

Following the migration of our Splunk server from version 8.1.1 to 9.1.1, we have encountered persistent KV Store failures. The service terminates unexpectedly multiple times post-migration.



Issue Summary:

  • As a workaround, I renewed the server.pem certificate and rebuilt the MongoDB folder.
  • This temporarily resolves the issue, and KV Store starts working as expected.
  • However, the corruption reoccurs the following day, requiring the same manual interventions.

Request for Permanent Resolution:

I seek a permanent fix to prevent KV Store from repeatedly failing. Kindly provide insights into the root cause and recommend a robust solution to ensure KV Store stability post-migration.

Looking forward to your expert guidance.

0 Karma
Reply

uagraw01
Motivator
‎02-18-2025 05:30 AM

@livehybrid  For your information. I have changed the kvstore port from 8191 to 8192 and its start working properly since then.

0 Karma
Reply

livehybrid
Champion
‎02-10-2025 08:44 AM

Hi @uagraw01 

Are there any mongo/kvstore logs in $SPLUNK_HOME/var/log/splunk/splunkd.log or mongod.log with any error/critical/fatal or maybe even warning messages?

What process did you take to rebuild the mongoDB folder?

Thanks, hopefully we can help get to the bottom of it!

0 Karma
Reply

uagraw01
Motivator
‎02-10-2025 09:36 AM

I just removed complete kvstore folder from "/opt/splunk/var/lib/splunk/" after taking the backup and restart the splunk services.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Brute Force Account Takeover Fraud with Splunk

This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...

Buttercup Games: Further Dashboarding Techniques (Part 9)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games: Further Dashboarding Techniques (Part 8)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top