Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Kv Store Backup Failing

Fenilleh
Engager
‎05-07-2025 10:08 AM

Hello everybody!
The problem that I have is that when I try to make a Backup of the KVStore on my Search Head, it fails after it is done dumping or while dumping the data. 
Splunk tells me to look into the logs but besides some basic info that the backup has failed I cant find any info in splunkd and mongo logs.
From my understanding, it is important that, since I'm using the point_in_time option, I have to make sure no searches are writing into the KV Store when I start the backup. Since Splunk makes a Snapshot of the moment I'm starting the backup, searches that modify the KVStores afterwards shoudln't impact the backup, right?
I made sure no searches have the running status when starting the Backup.
Does anybody have tips or threads that are about this topic?
I thought about stopping the scheduler during the backup, but since there are important searches running I want to look into all the options I have before taking drastic measures.
Thanks for any Tips and Hints in Advance!

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Fenilleh
Engager
‎07-01-2025 04:52 AM

Thanks for Replying! 
The issue was forwarded to Splunk Support by me.
I was told that since the Search Head is standalone, the option point_in_time is not needed.
The update was done successfully and the backup was luckily not required to be used.

View solution in original post

Reply
Solved! Jump to solution
Solution

Fenilleh
Engager
‎07-01-2025 04:52 AM

Thanks for Replying! 
The issue was forwarded to Splunk Support by me.
I was told that since the Search Head is standalone, the option point_in_time is not needed.
The update was done successfully and the backup was luckily not required to be used.

Reply
Solved! Jump to solution

Bhumi
Path Finder
‎06-29-2025 09:16 AM

Hi @Fenilleh 

 

Is the issue resolved or still you are facing an issue? If issue still persists,please paste the error whatsoever you are getting in splunkd and mongod. 

Also, I am attaching one KB article, have a look if that is relevant. 

https://splunk.my.site.com/customer/s/article/KV-Store-Backup-Fails

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...