The Gemini app for Splunk KV Store includes the following features:
This functionality is implemented through a generating search command. Simply run or schedule a search like the following:
| kvstorebackup app="app_name" collection="collection_name" path="/data/backup/kvstore" global_scope="false"
The backup process will write one or more .json or .json.gz files (one for each collection).
Arguments:
- (Optional) app: <string> - Set the app in which to look for the collection(s). (Default: all apps)
- (Optional) path: <string> - Set the directory path for the output files. (Default: the setting in the app Setup page)
- (Optional) global_scope: [true|false] - Specify whether or not to include all globally available collections. (Default: false)
- (Optional) collection: <string> - Specify the collection to back up within the specified app. (Default: All)
- (Optional) compression: [true|false] - Specify whether or not to compress the backups. (Default: false)
Best Practice: In a Search Head Cluster (SHC) environment, map a shared network drive to all members so that the backed-up collections are available to all of them.
This functionality is implemented through a generating search command. Run a search such as:
| kvstorerestore filename="/backup/kvstore/app_name#collection_name#20170130*"
The restore process will delete the KV Store collection and overwrite it with the contents of the backup.
Arguments:
- (Required) filename: <string> - Specify the file to restore the data from.
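Because the restore deletes the collection before loading the file, a read-only check of the backup file beforehand catches a truncated, empty or mis-targeted file while the live data still exists. The Python script below is an added example, not part of the Gemini app; check_backup and demo are hypothetical names, the sample files are constructed, and it assumes the app#collection#date naming seen in the restore example and that each file holds a JSON array of records.

```python
import gzip, json, re, tempfile, zlib
from pathlib import Path

# Assumed naming, inferred from the restore example: app#collection#YYYYMMDD....json[.gz]
NAME_RE = re.compile(r"^(?P<app>[^#]+)#(?P<coll>[^#]+)#(?P<stamp>\d{8}[^#]*?)\.json(?P<gz>\.gz)?$")

def check_backup(path, expect_app=None, expect_collection=None):
    """Read-only check of one backup file. Returns (ok, details)."""
    p = Path(path)
    m = NAME_RE.match(p.name)
    if not m:
        return False, {"error": "name is not app#collection#date.json[.gz]"}
    info = {"app": m["app"], "collection": m["coll"], "stamp": m["stamp"]}
    # The restore replaces whatever collection the file names, so confirm the target.
    if expect_app not in (None, m["app"]) or expect_collection not in (None, m["coll"]):
        return False, {**info, "error": "file targets a different app or collection"}
    opener = gzip.open if m["gz"] else open
    try:
        with opener(p, "rt", encoding="utf-8") as fh:
            records = json.load(fh)
    except (OSError, EOFError, ValueError, zlib.error) as exc:
        return False, {**info, "error": f"unreadable: {type(exc).__name__}"}
    # Assumption: the file holds a JSON array of record objects.
    if not isinstance(records, list) or not all(isinstance(r, dict) for r in records):
        return False, {**info, "error": "expected a JSON array of objects"}
    keys = [str(r["_key"]) for r in records if "_key" in r]
    info.update(records=len(records), missing_key=len(records) - len(keys),
                duplicate_key=len(keys) - len(set(keys)))
    # An empty or duplicate-keyed file would leave the collection empty or short.
    return len(records) > 0 and info["duplicate_key"] == 0, info

def demo():
    """Run the check over constructed sample files in a temporary directory."""
    rows = [{"_key": "a1", "domain": "www.splunk.com"}, {"_key": "a2", "domain": "example.org"}]
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "search#assets#20170130_120000.json.gz")
        with gzip.open(good, "wt", encoding="utf-8") as fh:
            json.dump(rows, fh)
        cut = Path(d, "search#assets#20170131_120000.json.gz")
        cut.write_bytes(good.read_bytes()[: good.stat().st_size // 2])  # interrupted copy
        empty = Path(d, "search#assets#20170201.json")
        empty.write_text("[]", encoding="utf-8")
        return {f.name: check_backup(f, "search", "assets") for f in (good, cut, empty)}

if __name__ == "__main__":
    for name, (ok, info) in demo().items():
        print("OK  " if ok else "FAIL", name, info)
```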
This functionality is implemented through a streaming search command. Run a search such as:
| inputlookup lookup_name where domain="*splunk.com" | deletekeys collection="collection_name"
Deletes records from a KV Store collection based on the _key values in the search results.
Arguments:
- (Required) collection: <string> - Specify the collection to delete the records from.
This functionality is implemented through a generating search command. Run a search such as:
| deletekey collection="collection_name" key="key_value"
Deletes a specific record from a KV Store collection based on its _key value.
Arguments:
- (Required) collection: <string> - Specify the collection to delete the record from.
- (Required) key: <string> - Specify the value for the _key field in the collection record.
Resolved an issue with the KV Store Overview dashboard having the wrong fields per collection
Fixed the bug where a limited number of collections were backed up if there were more than 30 on a host
New Features:
- KV Store migrate: Copy KV Store collections from one Splunk search head to another. Deletes the existing collections before restoring (unless otherwise specified).
- Delete Keys: Delete KV Store records from a collection based on _key values in search results.
- Delete Key: Delete KV Store records from a collection based on user input.
- KV Store alert action: Similar to outputlookup, but can be toggled on/off by users that have permissions to edit search jobs without modifying the search.
- Fixed a bug where not all collections were captured
- Expanded functionality to automatically enumerate collections in all apps
- Implemented batched backups
- New app icon
- Fixed a bug where not all collections were captured
- Expanded functionality to automatically enumerate collections in all apps
- Implemented batched backups
- Added deletekeys command
- Added deletekey command
- Updated kvstorerestore command
- Updated kvstorebackup command
- Updated setup page
- Updated view permissions (export=none)
- Updated help page
- Updated README
Initial Release