I don't believe this is correct. Splunk uses the splunk.secret file for encrypting and decrypting passwords and other sensitive info in its configuration files.

Splunk uses different algorithms for password hashing:

$6 (SHA-512): This algorithm is used for hashing passwords.

$7 (Encryption): This algorithm requires the splunk.secret file for decryption.

This is what makes it portable and useful with automation. You can generate a password hash using

splunk hash-passwd <somePassword>

Then you can run something like this before you start Splunk.

# Quote the heredoc delimiter so the shell does not expand the $ fields in the hash
cat <<'EOF' > "$SPLUNK_HOME/etc/system/local/user-seed.conf"
[user_info]
USERNAME = admin
HASHED_PASSWORD = $6$TOs.jXjSRTCsfPsw$2St.t9lH9fpXd9mCEmCizWbb67gMFfBIJU37QF8wsHKSGud1QNMCuUdWkD8IFSgCZr5.W6zkjmNACGhGafQZj1
EOF

Alternatively you can create and export a user-seed.conf file with the same information, put it in Ansible Vault and then have it placed in $SPLUNK_HOME/etc/system/local as part of the automation.

None of the hosts that user-seed.conf is being distributed to have to have the same splunk.secret since it's just hash-matching, not decrypting.
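An added example, not part of the original post: a shell helper that writes user-seed.conf from a precomputed hash and checks that the value is still a complete $6$ string, since an unquoted heredoc lets the shell expand `$6` and the `$`-prefixed salt and digest fields and leaves a truncated hash in the file. The function names `is_sha512_crypt`, `write_user_seed` and `verify_user_seed` are hypothetical, and `SAMPLE_HASH` is a constructed value, not a real credential.

```shell
#!/bin/sh
# Constructed sample in SHA-512 crypt layout ($6$<salt>$<86 chars>); not a real hash.
SAMPLE_HASH="\$6\$ConstructedSalt\$$(printf '%086d' 0)"

# Succeeds only for a well-formed $6$ (SHA-512 crypt) string. A $7$ value is
# encrypted with splunk.secret, not hashed, so it is rejected here.
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# write_user_seed <splunk_home> <username> <hash>   (hypothetical helper)
write_user_seed() {
    home=$1 user=$2 hash=$3
    is_sha512_crypt "$hash" || { echo "refusing: not a \$6\$ hash" >&2; return 1; }
    dir="$home/etc/system/local"
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    (
        umask 077   # the seed file should not be readable by other users
        # printf %s copies the hash byte for byte; nothing in it is expanded.
        printf '[user_info]\nUSERNAME = %s\nHASHED_PASSWORD = %s\n' \
            "$user" "$hash" > "$dir/user-seed.conf"
    )
}

# verify_user_seed <file>: read the stored value back and re-check its shape.
# Catches a file whose hash was mangled on the way in (e.g. by shell expansion).
verify_user_seed() {
    value=$(sed -n 's/^HASHED_PASSWORD *= *//p' "$1")
    is_sha512_crypt "$value"
}
```

Run `verify_user_seed` against the deployed file as the last step of the automation, before Splunk is started for the first time.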