icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Gemini KV Store Tools
SHA256 checksum (gemini-kv-store-tools_132.tgz) b67ffcaead0e8e3f90a03104d91993853e099f8b4a7aa8fdd430a3e686792778 SHA256 checksum (gemini-kv-store-tools_131.tgz) 1ff8ff98cbf22fa2e57d24c6e58add282d450ff6acb16f4c730d9a4625329985 SHA256 checksum (gemini-kv-store-tools_130.tgz) ec5e2403aab8228d04519feb4622fe4d105c2dde7fb00c5716b0b4c3bd1c31b0 SHA256 checksum (gemini-kv-store-tools_112.tgz) bc9d5f2cd40d76fe682b3154a07a02932d0fdca22c46bfd16a6620a04177518f SHA256 checksum (gemini-kv-store-tools_111.tgz) f9325c14f7a0d5a96a2afc32f29d9c133023a74c563bfc0b11479a504bb917b5 SHA256 checksum (gemini-kv-store-tools_110.tgz) e4b714ac4f33e19c66266fbbe8ad3f51d7783413eb2ed34173cc2ea068cbca42 SHA256 checksum (gemini-kv-store-tools_100.tgz) c6f36d1e64c2673b29d57fdc66447003d3c6eb422cd05d5bd2600302036649a4
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Gemini KV Store Tools

Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Overview
Details
The Gemini app for Splunk KV Store includes the following features:

- KV Store backup: Backup KV Store collections
- KV Store restore: Restore KV Store collections from backup jobs
- Delete Keys: Delete KV Store records from a collection based on _key values in search results
- Delete Key: Delete KV Store records from a collection based on user input
- KV Store alert action: Similar to outputlookup, but can be toggled on/off by users that have permissions to edit search jobs without modifying the search.

Gemini KV Store Tools for Splunk

Utilities for the Splunk App Key-Value Store

The Gemini app for Splunk KV Store includes the following features:

  • KV Store backup: Backup KV Store collections
  • KV Store restore: Restore KV Store collections from backup jobs
  • Delete Keys: Delete KV Store records from a collection based on _key values in search results
  • Delete Key: Delete KV Store records from a collection based on user input
  • KV Store alert action: Similar to outputlookup, but can be toggled on/off by users that have permissions to edit search jobs without modifying the search.

KV Store Backup

This functionality is implemented through a generating search command. Simply run or schedule a search like the following:
| kvstorebackup app="app_name" collection="collection_name" path="/data/backup/kvstore" global_scope="false"

The backup process will write one or more .json or .json.gz files (one for each collection).

Arguments:
- (Optional) app: <string> - Set the app in which to look for the collection(s). (Default: all apps).

  • (Optional) path: <string> - Set the directory path for the output files. (Default: the the setting in the app Setup page)

  • (Optional) global_scope: [true|false] - Specify the whether or not to include all globally available collections. (Default: false)

  • (Optional) collection: <string> - Specify the collection to backup within the specified app. (Default: All)

  • (Optional) compression: [true|false] - Specify whether or not to compress the backups. (Default: false)

Best Practice: In a Search Head Cluster (SHC) environment, map a shared network drive to all members so that the backed-up collections are available to all of them.


KV Store Restore

This functionality is implemented through a generating search command. Run a search such as:
| kvstorerestore filename="/backup/kvstore/app_name#collection_name#20170130*"

The restore process will delete the KV Store collection and overwrite it with the contents of the backup.

Arguments:
- (Required) filename: <string> - Specify the file to restore the data from.


KV Store Delete Keys

This functionality is implemented through a streaming search command. Run a search such as:
| inputlookup lookup_name where domain="*splunk.com" | deletekeys collection="collection_name"

Deletes records from a KV Store collection based on _key value in search results

Arguments:
- (Required) collection: <string> - Specify the file to restore the data from.


KV Store Delete Key

This functionality is implemented through a generating search command. Run a search such as:
| deletekey collection="collection_name" key="key_value"

Deletes a specific record from a KV Store collection based on _key value

Arguments:
- (Required) collection: <string> - Specify the file to restore the data from.
- (Required) key: <string> - Specify the value for the _key field in the collection record.

Release Notes

Version 1.3.2
Nov. 30, 2018

Resolved an issue with the KV Store Overview dashboard having the wrong fields per collection

Version 1.3.1
May 25, 2018

Fixed the bug where a limited number of collections were backed up if there were more than 30 on a host

Version 1.3.0
May 14, 2018

New Features:
- KV Store migrate: Copy KV Store collections from one Splunk search head to another. Deletes the existing collections before restoring (unless otherwise specified).
- Delete Keys: Delete KV Store records from a collection based on _key values in search results.
- Delete Key: Delete KV Store records from a collection based on user input.
- KV Store alert action: Similar to outputlookup, but can be toggled on/off by users that have permissions to edit search jobs without modifying the search.

Version 1.1.2
Sept. 21, 2017

- Fixed a bug where not all collections were captured
- Expanded functionality to automatically enumerate collections in all apps
- Implemented batched backups
- New app icon

Version 1.1.1
Sept. 21, 2017

- Fixed a bug where not all collections were captured
- Expanded functionality to automatically enumerate collections in all apps
- Implemented batched backups

Version 1.1.0
July 20, 2017

- Added deletekeys command
- Added deletekey command
- Updated kvstorerestore command
- Updated kvstorebackup command
- Updated setup page
- Updated view permissions (export=none)
- Updated help page
- Updated README

Version 1.0.0
April 3, 2017

Initial Release

171
Installs
1,169
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2020 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.