Solved: having hundreds of sqlitePersistentStorageImp erro...

univofmem · ‎04-01-2016

04-01-2016 06:55:15.159 -0500 ERROR SQLitePersistentStorageImpl - Error processing enumerate: database disk image is malformed
04-01-2016 06:55:16.538 -0500 ERROR FSChangeMonitor - Exception thrown in update(2) - continuing

This happened after server crashed due to raid card error

rmorlen_splunk · ‎04-15-2016

To correct this, browse to /opt/splunk/var/lib/splunk/persistentstorage/fschangemanager_state/ and in that directory, there is also a file called "fschangemanager_state". Rename that file or move it to a temporary location and then restart Splunk.

View solution in original post

rmorlen_splunk · ‎04-15-2016

To correct this, browse to /opt/splunk/var/lib/splunk/persistentstorage/fschangemanager_state/ and in that directory, there is also a file called "fschangemanager_state". Rename that file or move it to a temporary location and then restart Splunk.

univofmem · ‎04-15-2016

Thanks..Fixed it.

brent_weaver · ‎06-14-2017

I am seeing this error on a system with a UF, does this process need to be done on the UF or the splunk server. If splunk server, which server in a distributed env?

rmorlen_splunk · ‎06-14-2017

This would be on the server running the UF since it is doing the monitoring.

having hundreds of sqlitePersistentStorageImp errors in splunkd logs

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases