Thanks i found the commands to update the configs here for SHC settings but didnt find the resync command to update the deployer configs .

You do not require to resync, when you add new SH to SHC it will automatically get configuration bundle from Deployer and then it will contact Captain & download replicated config tarball.

I followed these steps to add new box to existing SHC, everything looks fine on the SHC side but kvstore status has been 'status : starting' since, and it's been over an hour. Is this normal or I missed something?

See these events in splunkd:

05-22-2025 21:07:58.608 -0400 ERROR KVStoreAdminHandler [1848035 TcpChannelThread] - An error occurred.
05-22-2025 21:07:36.668 -0400 ERROR KVStoreIntrospection [1848033 TcpChannelThread] - failed to get introspection data
05-22-2025 21:07:19.587 -0400 WARN KVStoreConfigurationProvider [1845927 MainThread] - Action scheduled, but event loop is not ready yet

Tried cleaning up kvstore by running "splunk clean kvstore --local --answer-yes" but that didn't change anything, status is still stuck in starting.

My bad 🙂

I removed Splunk and just rebuilt it fresh. Still same issue, kvstore has been in starting status. This is what I see in mongod.log:

2025-05-29T03:22:15.751Z I  CONTROL  [LogicalSessionCacheReap] Failed to reap transaction table: NotYetInitialized: Replication has not yet been configured
 2025-05-29T03:22:15.747Z I  CONTROL  [LogicalSessionCacheRefresh] Sessions collection is not set up; waiting until next sessions refresh interval: Replication has not yet been configured

Are you sure you're adding the same Splunk version and kvstore version (and engine) instance as the rest of the SHC?

You are adding it as a new member like @Prewin27 shows?

And you are using correct and same format for host names than you are used for those other nodes like FQDN, short names or IPs?

@rafiq_rehman 
Most probably no captain or kvstore port blocked on this new member.

the KVStore cannot reach "Ready" unless a captain is elected and cluster coordination is healthy. If there’s no captain or communication is broken, KVStore remains in "starting"

or kvstore default port 8191 might be blocked. If this port is blocked/network issues, KVStore cannot synchronize and will not start


Regards,
Prewin 
Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a kudos. Thanks!

It's the existing SHC, just trying to add new member. Captain is working and 8191 port is also opened. This is what I see in mongod log:

2025-05-29T03:22:15.751Z I  CONTROL  [LogicalSessionCacheReap] Failed to reap transaction table: NotYetInitialized: Replication has not yet been configured
 2025-05-29T03:22:15.747Z I  CONTROL  [LogicalSessionCacheRefresh] Sessions collection is not set up; waiting until next sessions refresh interval: Replication has not yet been configured

@rafiq_rehman 
These errors mean the new member’s KV Store is still in standalone mode.

Initialize SHC Config on the New Member

splunk init shcluster-config \
-auth <admin_user>:<admin_pass> \
-mgmt_uri https://<new_member_host>:8089 \
-replication_port <replication_port> \
-replication_factor <factor> \
-conf_deploy_fetch_url https://<deployer_host>:8089 \
-secret <pass4SymmKey> \
-shcluster_label <label>

Add the New Member to the Cluster
splunk add shcluster-member -current_member_uri https://<existing_member_or_captain>:8089

Confirm pass4SymmKey and mgmt_uri in $SPLUNK_HOME/etc/system/local/server.conf