All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

"Key value store must be enabled" prompted during Splunk App for Windows Infrastructure setup -- Why?

ananthan123
Explorer
‎08-15-2017 07:28 AM

Hello,

I have installed Splunk App for Windows Infrastructure, but when I run setup I am getting this error message:

Splunk v6.2.0+
OK: Splunk v6.3.3 detected
Key value store must be enabled. Please enable it. Learn more.

From which server it is throwing this error message? There are few Windows servers. How do I fix it ?

0 Karma
Reply

gordo32
Communicator
‎10-10-2018 10:21 AM

I ran into this on Linux, and it was because the server wasn't configured to be a slave to an Splunk Enterprise license master. Added the following stanza to server.conf

[license]
master_uri: = https://license-server:8089

After restarting Splunk, KVStore is up and running again. A couple other side-effects is that the "Map groups" action disappears under LDAP Settings (presumably, the mapping uses kv store / mongodb to store the role -> group mappings).

Another option would be to install an Enterprise license locally on the server, but since this is a search head only, that doesn't make a lot of sense.

0 Karma
Reply

ananthan123
Explorer
‎08-15-2017 09:43 AM

Thank you very much. Do I need to go on all the Windows Servers and need to change the permission?

0 Karma
Reply

alemarzu
Motivator
‎08-15-2017 11:00 AM

Only those that present the kvstore error.

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎08-15-2017 08:06 AM

There are several previous Answers postings that talk about how to troubleshoot this issue. It could be a permissions and/or cert issue. See https://answers.splunk.com/answers/338872/splunk-app-for-windows-infrastructure-how-to-troub.html for one discussion, and links to others.

Reply

nwieseler
Path Finder
‎07-17-2018 10:37 PM

I downvoted this post because 404 on the link

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎07-18-2018 05:36 PM

@nwieseler: I just checked the link and it worked for me. Can you try again in an incognito tab?

0 Karma
Reply

nwieseler
Path Finder
‎07-18-2018 05:58 PM

Just tried on mobile and nothing? Not a big deal.

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎07-19-2018 08:23 AM

Got it, the post is restored now and you should be able to see it.

0 Karma
Reply

nwieseler
Path Finder
‎07-19-2018 09:40 AM

And now I can't cancel my vote after one day... Sorry man.

0 Karma
Reply

alemarzu
Motivator
‎08-15-2017 08:05 AM

Hello @ananthan123,

The host that it is reporting it, is probably the one were you are trying to install Windows Infrastructure app. This apps needs kvstore to work properly if I'm not mistaken.

First, just to be sure wich host is reporting that error:

  • index=_internal (sourcetype=mongod OR sourcetype=splunkd) log_level!=INFO KV store

This could probably a permission issues, so do this.

  1. Go to $SPLUNK_HOME\var\lib\splunk\kvstore
  2. Change the permissions recursively to mongo folder to the accound that is running Splunk.
  3. Restart Splunk.

Hope it helps.

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...