AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Splunk inputlookup overwrite clause12/21/2023 ![]() ![]() Uses the first non-null field value in the search results. (Optional) outputvalues: - Specify the fields/values to write to the collection record (e.g.(Optional) outputkeyfield: - Specify the output field to write the new key value to.(Optional) app: - Specify the app to find the collection(s) within.(Required) collection: - Specify the collection to create the new record within.Search | kvstorecreatefk collection="" outputkeyfield="" | outputlookup append=t This functionality is implemented through a streaming search command. The _key value becomes a foreign key reference in the search results, which can be written to a second lookup using outputlookup. Writes data from the search into a new KV store collection record and returns the record's _key value into the search as a new field. (Required) target: - Specify the hostname to download collections from. ![]() | kvstorepull app="" collection="" global_scope="" append="" target="" The replication process will delete the local KV Store collection and overwrite it with the remote contents unless append=true is set. Configure your remote Splunk credentials in the Setup page. (Default: false - deletes the collection prior to migrating)ĭownload local KV Store collection(s) from another instance to the local one. (Optional) append: - Specify whether or not to append records to the target KV Store collections.(Optional) collection: - Specify the collection to migrate.(Optional) port: - Specify the target splunkd port on the remote host.(Required) target: - Specify the hostnames in a comma separated list to upload collections to.| kvstorepush app="" collection="" global_scope="" append="" target="" Running the search command with no arguments will list existing backups in the default path. By default, the restore process will delete the KV Store collection and overwrite it with the contents of the backup unless append=true is set. Uses the filename to determine the app name and collection to write the data to. Restore a KV Store collection backup file to the local node. (Optional) compression: - Specify whether or not to compress the backups.(Optional) collection: - Specify the collection to backup.(Optional) global_scope: - Specify the whether or not to include all globally available collections.(Default: the the setting in the app Setup page) (Optional) path: - Set the directory path for the output files.(Optional) app: - Set the app in which to look for the collection(s).| kvstorebackup app="app_name" collection="collection_name" path="/data/backup/kvstore" global_scope="false" This functionality is implemented through a generating search command. NFS) among all nodes for backups to reliably enforce the retention policy and the kvstorerestore command functionality. ![]() For search head clusters, it's recommended to have a shared volume (e.g. The backup process will write one or more. : Deletes the collections from the target host before writing (unless otherwise specified).īack up a KV Store collection to disk on the local node. This functionality has been implemented by Splunk directly into the product since this was written. Send to Collection: Similar to outputlookup, but can be toggled on/off by users that have permissions to edit search jobs without modifying the search.Delete Keys: Delete KV Store records from a collection based on _key values in search results.Useful for writing linked entries in two lookups. Create Foreign Key: Creates an entry in a lookup and appends the resulting _key value to the current search results.Delete Key: Delete KV Store records from a collection based on user input.KV Store Pull: Copy KV Store collections from a remote Splunk search head (SH/SHC) to the local instance 1.KV Store Push: Copy KV Store collections from the local Splunk search head to a remote instance (SH/SHC) 1.Lists all existing backups in the default path if no arguments are given. KV Store Restore: Restore KV Store collections from backup jobs 1.KV Store Backup: Backup KV Store collections to the file system on the search head. ![]() The KV Store Tools for Splunk app includes the following features: Generating Commands KV Store Tools Redux - Splunk App by Deductiv Utilities for the Splunk App Key-Value Store ![]()
0 Comments
Read More
Leave a Reply. |