KV Store status is currently unknown- How to resol...

jpvalenc · ‎03-22-2023

We're intermittently getting this error (so far twice in 2 weeks) when trying to use the lookup command on a kvstore.

The full error message is " External command based lookup <kv_store> is not available because KV Store status is currently unknown".

We only found the error through the logs a few hours after the failure because the scheduled search with the lookup command didn't run successfully. When ran manually or on its next schedule, the search was running fine. KV store is also working as intended upon checking.

I couldn't find information online on what the "unknown" status means regarding kv stores.

Has anyone else seen this error?

woodcock · ‎04-20-2023

This probably means your KVStore is down. It is probably related to the WiredTiger upgrade. Use the CLI to debug and fix:
https://docs.splunk.com/Documentation/Splunk/latest/Admin/MigrateKVstore

etoombs · ‎04-20-2023

Did you ever figure this out? I'm seeing the same problem.

jpvalenc · ‎09-21-2023

No, I never did but it did stop happening so I have no idea what caused it.

KV Store status is currently unknown- How to resolve this error?

lookup

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!