Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

KVStore is not ready. Token auth system will not work.

whrg
Motivator
‎02-29-2024 04:26 AM

When I navigate to Settings > Tokens, I get this error message:

 

KVStore is not ready. Token auth system will not work.

 

Splunk logs shows this:

 

ERROR JsonWebToken [233289 TcpChannelThread] - KVStore is not ready. Token auth system will not work.
ERROR KVStoreConfigurationProvider [233052 KVStoreConfigurationThread] - Failed to start mongod on first attempt reason=KVStore service will not start because kvstore process terminated
ERROR KVStoreBulletinBoardManager [233053 MongodLogThread] - KV Store changed status to failed. KVStore process terminated..

 

How can this be fixed?

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

whrg
Motivator
‎03-05-2024 04:48 AM

I found the solution which I came across here: https://community.splunk.com/t5/Security/How-do-I-renew-an-expired-Splunk-Certificate/m-p/389701

Turns out, the Splunk certificate was expired. This is how I checked:

$ openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem
notAfter=Feb 27 13:56:21 2024 GMT

To get a new certificate, I removed the old certificate and restarted Splunk (a new certificate will be created when Splunk starts):

$ mv /opt/splunk/etc/auth/server.pem /opt/splunk/etc/auth/server.pem.backup

Now Settings > Tokens is working again.

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

whrg
Motivator
‎03-05-2024 04:48 AM

I found the solution which I came across here: https://community.splunk.com/t5/Security/How-do-I-renew-an-expired-Splunk-Certificate/m-p/389701

Turns out, the Splunk certificate was expired. This is how I checked:

$ openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem
notAfter=Feb 27 13:56:21 2024 GMT

To get a new certificate, I removed the old certificate and restarted Splunk (a new certificate will be created when Splunk starts):

$ mv /opt/splunk/etc/auth/server.pem /opt/splunk/etc/auth/server.pem.backup

Now Settings > Tokens is working again.

 

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎02-29-2024 06:20 AM
Hi
Have you looked from mongod.log (or something similar) why mongod didn’t start?
r. Ismo
0 Karma
Reply
Get Updates on the Splunk Community!

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...