Trying to run Splunk in a Docker container, which I can successfully get running. However, once I try to add a persistent volume for /splunkhome/var and /splunkhome/etc, the kvstore fails to start. The persistent volume is being hosted on a NAS (Synology DiskStation) which is being mounted to my Linux host via SMB (cifs) with the local admin of the NAS, so I should have full permissions to the share. I've been able to observe the following error: "homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem." Are SMB file shares not supported by Splunk? I can get past this error by adding "OPTIMISTIC_ABOUT_FILE_LOCKING = 1" to splunk-launch.conf, but then I get stuck with the kvstore failing to start. The kvstore logs indicate it's because the permissions are too open, even though I've changed them to 400. Any insight from your beautiful minds?