I am running Splunk 8.1.0.1 on Windows Server 2016. The KVStore keeps failing when I start up the Splunk service. This causes the Splunkd server to fail after some time, causing the need to restart it to access the Splunk GUI. Are there any logs I should gather to identify what the issue is?
I have read through some forums and tried the "stop Splunk, move server.pem file, start Splunk" to generate a new server certificate, but I am still getting the KVStore failure.
Any help would be greatly appreciated as I am at a loss at this point.
I fixed the issue. Found out the lsn file in kvstore/mongo/journal didn't have appropriate permissions. This was in the mongod.log file after stop/start of Splunk service.
Hi @mdplourde, good to know you resolved this troublesome kvstore issue. Good that you answered as well.
Maybe you could just give us the full path of the file and the file permissions which you updated, and accept your reply as the solution, so that this question will be moved from unanswered to answered. Thanks.
D:\SplunkData\kvstore\mongo\journal\lsn
Gave full permissions to the Splunk Administrators OU.
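An added example, not part of the original thread: a PowerShell check that finds files in the KV store journal directory whose ACL differs from their siblings, which is how a single mis-permissioned `lsn` file would show up. The path is the one quoted above; the service name `Splunkd` is an assumption (the default Windows service name), and the function names are hypothetical.

```powershell
# Added example: flag journal files whose ACL differs from the other files in the directory.
# Run from an elevated prompt so Get-Acl can read every descriptor.
$journal = 'D:\SplunkData\kvstore\mongo\journal'   # path quoted in the thread

# Assumption: the service is registered under the default name 'Splunkd'.
$svc = Get-CimInstance Win32_Service -Filter "Name='Splunkd'"
if ($svc) { Write-Host "Splunkd runs as: $($svc.StartName)" }

function Get-AclSummary {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # One sorted line per access rule, so identical ACLs give identical signatures.
    $rules = @($acl.Access | ForEach-Object {
        '{0}|{1}|{2}|inherited={3}' -f $_.IdentityReference, $_.AccessControlType,
                                       $_.FileSystemRights, $_.IsInherited
    } | Sort-Object)
    [pscustomobject]@{
        Path      = $Path
        Owner     = $acl.Owner
        Protected = $acl.AreAccessRulesProtected   # True means inheritance is disabled
        Rules     = $rules
        Signature = "protected=$($acl.AreAccessRulesProtected);" + ($rules -join ';')
    }
}

function Find-AclOutlier {
    param([Parameter(Mandatory)][string]$Directory)
    $groups = @(Get-ChildItem -LiteralPath $Directory -File |
        ForEach-Object { Get-AclSummary -Path $_.FullName } |
        Group-Object -Property Signature |
        Sort-Object -Property Count -Descending)
    # The largest group is treated as the baseline; every other file is an outlier.
    if ($groups.Count -le 1) { return @() }
    $groups | Select-Object -Skip 1 | ForEach-Object { $_.Group }
}

$outliers = @(Find-AclOutlier -Directory $journal)
if ($outliers.Count -eq 0) {
    Write-Host "All files in $journal share the same ACL."
} else {
    foreach ($o in $outliers) {
        Write-Host "`nACL differs from siblings: $($o.Path)"
        Write-Host "  Owner: $($o.Owner)  InheritanceDisabled: $($o.Protected)"
        $o.Rules | ForEach-Object { Write-Host "  $_" }
    }
}
```

Compare the rules on any flagged file with the account printed for the service. When correcting the ACL, granting access to that service account alone is narrower than granting full control to a broad administrators group.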