KV Store status is currently unknown- How to resol...

jpvalenc · ‎03-22-2023

We're intermittently getting this error (so far twice in 2 weeks) when trying to use the lookup command on a kvstore.

The full error message is " External command based lookup <kv_store> is not available because KV Store status is currently unknown".

We only found the error through the logs a few hours after the failure because the scheduled search with the lookup command didn't run successfully. When ran manually or on its next schedule, the search was running fine. KV store is also working as intended upon checking.

I couldn't find information online on what the "unknown" status means regarding kv stores.

Has anyone else seen this error?

woodcock · ‎04-20-2023

This probably means your KVStore is down. It is probably related to the WiredTiger upgrade. Use the CLI to debug and fix:
https://docs.splunk.com/Documentation/Splunk/latest/Admin/MigrateKVstore

etoombs · ‎04-20-2023

Did you ever figure this out? I'm seeing the same problem.

jpvalenc · ‎09-21-2023

No, I never did but it did stop happening so I have no idea what caused it.

KV Store status is currently unknown- How to resolve this error?

lookup

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

KV Store status is currently unknown- How to resolve this error?

lookup

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk