×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Dabbsy
Explorer
Member since: ‎09-05-2024
‎07-18-2025
Community Statistics
Posts 6
Solutions 1
Karma Given 1
Karma Received 0
Member Since ‎09-05-2024
View All

Re: Upgrading splunk on Linux - missing bin direct...

by in Installation
‎09-17-2024 12:32 AM
‎09-17-2024 12:32 AM
Hi PickleRick i was going from 9.0.1 to 9.3.0. cheers,  Dabbsy ... View more

Re: Upgrading splunk on Linux - missing bin direct...

by in Installation
‎09-16-2024 08:55 AM
‎09-16-2024 08:55 AM
Hmm interesting - so for info in case anyone else gets the same issue. uninstalled splunk package rpm -e splunk.x86_64 then rpm -i -prefix=/hopt package_name.rpm did the trick. I had tried uninstalling and then installing earlier, but that didn't work,  for some reason it needed the prefix option. bin directory now recreated and I can now start splunk :-). ... View more

Upgrading splunk on Linux - missing bin directory.

by in Installation
‎09-16-2024 08:07 AM
‎09-16-2024 08:07 AM
I'm upgrading splunk enterprise to 9.3 using the rpm file, but when I run  rpm -U splunk-9.3.0-51ccf43db5bd.x86_64.rpm it installs all the folders, but removes the bin directory, so I can't then start splunk. i've searched through the communities, and a few people seem to have hit the issue on windows, but not linux. how can I get around this issue? thanks Dabbsy ... View more

Re: KVStore - is it used in our installation?

by in Splunk Enterprise
‎09-10-2024 01:18 AM
‎09-10-2024 01:18 AM
Thanks dural_yyz that's saying current.backupRestoreStatus = ready current.status=failed so looks it's in use but not happy, and that's probably why the command isn't working. i've found a hit about an old mongod.lock being present, so I'm going to arrange an outage to restart after removing the lock file.   Will report back how this goes.... thanks ... View more

Re: KVStore - is it used in our installation?

by in Splunk Enterprise
‎09-06-2024 08:12 AM
‎09-06-2024 08:12 AM
Thanks for the reply Rich.  I have an splunk admin account (that I log onto the splunk console with), but that password doesn't work. When you say local account - is this different and if it is, how would I set one of these up? ... View more

KVStore - is it used in our installation?

by in Splunk Enterprise
‎09-05-2024 07:41 AM
‎09-05-2024 07:41 AM
I'm looking into upgrading Splunk Enterprise from 9.0.4 to 9.3.0. following the upgrade docs, there's a step to backup the KV Store. Check the KV store status To check the status of the KV store, use the show kvstore-status command: ./splunk show kvstore-status When I run this command, it's asking me for a splunk username and password.  this was handed over by a project team, but nothing was handed over about what the splunk password might be, or also if we actually  use a KV store.  I've tried the admin password, but that's not worked. I've found some splunk documents advising the KV store config would be in $SPLUNK_HOME/etc/system/local/server.conf, under [kvstore] There is nothing in our server.conf under kvstore. I've also found some notes talking about KVStore not starting if there's a $SPLUNK_HOME\var\lib\splunk\kvstore\mongo\mongod.lock file present We have 2 splunk servers - one of these has a lock file dated Oct 2022, and the other dated July 19th.  So based on this, I suspect it's not used otherwise we'd have hit issues with it before? That's just a guess, but this is my first foray into splunk, so I thought I'd ask if, based on the above scenarios whether I need to back up the KV store or not, or are there any other checks to confirm definitively if we have a KV store that's used? thanks in advance   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-18-2025 07:34 AM
Karma given to
View All