The KV Store is a good solution when data requires user interaction using the REST interface and when you have a frequently-changing data set.The KV Store is designed for large collections, and is the easiest way to develop an application that uses key-value data.Therefore, depending on your use cases choose your lookup type Below are examples: KV Store lookups can be invoked through REST endpoints or by using the following search commands: lookup, inputlookup, and outputlookup. Best practice is to use a KV Store lookup when you have a large lookup table or a table that is updated often. KV Store Lookup: KV Store lookup, Matches fields in your events to fields in a KV store collection and outputs corresponding fields in that collection to your events. CSV lookups can be invoked by using the following search commands: lookup, inputlookup, and outputlookup. CSV inline lookup table files, and inline lookup definitions that use CSV files, are both dataset types. The general workflow for creating a CSV lookup in Splunk Web is to upload a file, share the lookup table file, and then create the lookup definition from the lookup table file. CSV lookups are best for small sets of data. They are also referred to as static lookups. They output corresponding field values from the table to your events. CSV type lookup are file-based lookups that match field values from your events to field values in the static table represented by a CSV file.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |