Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to view Splunk KV store status

Sathish28
Explorer
‎01-21-2025 03:25 AM

We are migrating the Splunk 9.0.3 Search Head from Virtual box to Physical box.
Splunk services were up and running in new Physical box but in Splunk Web UI, I was unable to login using the
my authorized credentials and found the below error in Splunkd.log
 
01-21-2025 05:18:05.218 -0500 ERROR ExecProcessor [3275615 ExecProcessor] - message from "/apps/splunk/splunk/etc/apps/splunk_app_db_connect/bin/server.sh" action=task_server_start_failed error=com.splunk.HttpException: HTTP 503 -- KV Store initialization failed. Please contact your system administrator

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-25-2025 02:32 AM

Hi

as @VatsalJagani already said that error message didn’t relate to you login issue. It’s just told that your DB connect didn’t work as kvstore is somehow broken/stop.

On splunkd.log should be some lines which could help us to see what was a real issue.

But let’s start that migration part as it’s quite obvious that it has something to do with this issue!

From where you migrated it and what is target environment?

How do you do the migration?

Was there any issues before migration?

Anything else we should know?

r. Ismo

0 Karma
Reply

kiran_panchavat
Champion
‎01-25-2025 02:13 AM

@Sathish28 


1. Check status of KV store


2. Verify the status of the KV Store service

./splunk show kvstore-status


3. Check mongod.log

less /opt/splunk/var/log/splunk/mongod.log

4. Verify that the permissions for the KV Store directories and files are set correctly. Incorrect permissions can prevent the KV Store from initializing.

  • Set splunk.key to the default file permission.
    chmod 600 $SPLUNK_HOME/var/lib/splunk/kvstore/mongo/splunk.key
    Restart Splunk
Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎01-25-2025 12:33 AM

@Sathish28- Few things I want to take your attention:

  • The error you are seeing is not related to the login issue you are having at all.

 

For the Login Issue:

  1. Are you trying LDAP credential?
    1. Login first with Admin Splunk native account.
    2. Then fix the LDAP related issue. Check Splunk internal logs & LDAP configuration page.
  2. Is it Splunk native authentication?
    1. Then you might need to reset the creds.

 

For Mongod related errors you are seeing in the logs. As suggested by @splunkreal  please check the Splunk's internal logs to find the details on why mongodb service unable to start.

 

I hope this helps!!! Kindly upvote if it does!!!

0 Karma
Reply

splunkreal
Motivator
‎01-24-2025 06:55 AM

check mongod.log under $SPLUNK_HOME/var/log/splunk/

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...