Last week, we released a new app on Splunkbase™, Gemini KV Store Tools, written by our Director of Professional Services, JR Murray. It fills a gap for ES and ITSI customers who want a regular scheduled backup of KV Store through an easily accessible Splunk® interface. You can access the app on Splunkbase™ [https://splunkbase.splunk.com/app/3536/]. The following description was originally posted on Splunkbase™.
Gemini KV Store Tools for Splunk
Utilities for the Splunk App Key-Value Store
The Gemini app for Splunk KV Store includes the following features:
- KV Store backup: Back up KV Store collections
- KV Store restore: Restore KV Store collections from backup jobs
- KV Store alert action: Similar to outputlookup, but can be toggled on/off by users that have permissions to edit search jobs without modifying the search.
KV Store Backup
This functionality is implemented through a generating search command. Simply run or schedule a search like the following:
| kvstorebackup app="app_name" collection="collection_name" path="/data/backup/kvstore" global_scope="false"
The backup process will write one or more .json or .json.gz files (one for each collection).
– (Required) app: – Set the app in which to look for the collection(s).
– (Required) path: – Set the directory path for the output files.
– (Optional) global_scope: [true|false] – Specify whether or not to include all globally available collections. (Default: false)
– (Optional) collection: – Specify the collection to back up within the specified app. (Default: All)
– (Optional) compression: [true|false] – Specify whether or not to compress the backups. (Default: false)
Best Practice: In a Search Head Cluster (SHC) environment, map a shared network drive to all members so that the backed-up collections are available to all of them.
KV Store Restore
This functionality is implemented through a generating search command. Run a search such as:
| kvstorerestore filename="/backup/kvstore/app_name#collection_name#20170130*"
The restore process will delete the KV Store collection and overwrite it with the contents of the backup.
– (Required) filename: – Specify the file to restore the data from.
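Because the restore deletes the collection before loading the backup, it is worth checking a backup file before passing it to kvstorerestore. The Python below is an added example, not part of the app or the original post. It assumes the app#collection#stamp file naming shown in the restore search and that the file body is a JSON array of records; the function names and the sample file are constructed for illustration.

```python
import gzip
import json
import os


def parse_backup_name(path):
    """Split 'app#collection#stamp.json[.gz]' (pattern from the restore example)."""
    name = os.path.basename(path)
    for ext in (".json.gz", ".json"):
        if name.endswith(ext):
            break
    else:
        raise ValueError("not a .json or .json.gz file: " + name)
    parts = name[: -len(ext)].split("#")
    if len(parts) != 3 or not all(parts):
        raise ValueError("name is not app#collection#stamp: " + name)
    return {"app": parts[0], "collection": parts[1], "stamp": parts[2],
            "compressed": ext == ".json.gz"}


def check_backup(path, app=None, collection=None):
    """Return the record count if the file looks restorable; raise ValueError if not."""
    meta = parse_backup_name(path)
    if app and meta["app"] != app:
        raise ValueError("backup is for app %r, expected %r" % (meta["app"], app))
    if collection and meta["collection"] != collection:
        raise ValueError("backup is for collection %r, expected %r"
                         % (meta["collection"], collection))
    opener = gzip.open if meta["compressed"] else open
    try:
        with opener(path, "rt", encoding="utf-8") as fh:
            records = json.load(fh)
    except (OSError, EOFError, ValueError) as exc:
        # Covers missing files, truncated gzip streams and malformed JSON.
        raise ValueError("unreadable backup %s: %s" % (path, exc))
    # Assumption: the backup body is a JSON array of records.
    if not isinstance(records, list) or not records:
        raise ValueError("backup holds no records: " + path)
    return len(records)


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a two-record backup named after the page's pattern.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "app_name#collection_name#20170130.json.gz")
        with gzip.open(p, "wt", encoding="utf-8") as fh:
            json.dump([{"_key": "1"}, {"_key": "2"}], fh)
        print(check_backup(p, app="app_name", collection="collection_name"))
```

Run the check against the exact file you intend to restore; a truncated, empty, or mismatched file raises before the collection is touched.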
April 3, 2017