KV Store lookups populate your events with fields pulled from your App Key Value Store (KV Store) collections. KV Store lookups can be invoked through REST endpoints or by using the following search commands: lookup, inputlookup, and outputlookup.

Before you create a KV Store lookup, you should investigate whether a CSV lookup will do the job. CSV lookups are easier to implement, and they suffice for the majority of lookup cases. See KV Store vs CSV files if you are unsure which lookup solution best fits your needs.

This topic assumes you have access to the configuration files for your deployment. If you are a Splunk Cloud Platform administrator or do not have access to the configuration files for your deployment, you can configure KV Store lookups using the pages at Settings > Lookups. See Define a KV Store lookup in Splunk Web.

You can set up KV Store lookups as automatic lookups. Automatic lookups run in the background at search time and automatically add output fields to events that have the correct match fields. You do not need to invoke automatic lookups with the lookup command. See Make your lookup automatic.

For developer-focused KV Store lookup configuration instructions, see Use lookups with KV Store data in the Splunk Developer Portal.

Before you create a KV Store lookup, your Splunk deployment must have at least one KV Store collection defined in nf. See Use configuration files to create a KV Store collection on the Splunk Developer Portal.

KV Store collections are containers of data similar to a database. When you create a KV Store lookup, the collection should have at least two fields. One of those fields should have a set of values that match with the values of a field in your event data, so that lookup matching can take place.

When you invoke the lookup in a search with the lookup command, you designate a field in your search data to match with the field in your KV Store collection. When a value of this field in an event matches a value of the designated field in your KV Store collection, the corresponding value(s) for the other field(s) in your KV Store collection can be added to that event. The KV Store field does not have to have the same name as the field in your events.