KV Store Tools Redux

The KV Store Tools app includes the following utilities: Generating Commands KV Store Backup: Backup KV Store collections to the file system on the search head. KV Store Restore: Restore KV Store collections from backup jobs*. Lists all existing backups in the default path if no arguments are given. KV Store Push: Copy KV Store collections from the local Splunk search head to a remote instance or comma-separated instance list (SH/SHC)*. KV Store Pull: Copy KV Store collections from a remote Splunk search head (SH/SHC) to the local instance*. Delete Key: Delete KV Store records from a collection based on user input. Streaming Commands Create Foreign Key: Creates an entry in a lookup and appends the resulting _key value to the current search results. Useful for writing linked entries in two lookups. Delete Keys: Delete KV Store records from a collection based on _key values in search results. Alert Actions Send to Collection: Similar to outputlookup, but can be toggled on/off by users that have permissions to edit search jobs without modifying the search. This functionality has been implemented by Splunk directly into the product since this was written. * Deletes the collections from the target host before writing (unless otherwise specified). Commercial support is now available for all of our apps! Contact us for more details. Please leave a rating for this app.