Use the REST API to manage KV Store collections and data

You can create, read, update, delete, and manage KV Store data and collections using the Splunk REST API, which you access on the Splunk management port (the default port is 8089).


REST Endpoints for KV Store

Use the following REST endpoints to work with KV Store data:

storage/collections/config

  • GET: Get a list of collections in a specific app.
  • POST: Create a new collection in a specific app.

storage/collections/config/{collection}

  • GET: Get information about a specific collection.
  • DELETE: Delete a collection.
  • POST: Update a collection.

storage/collections/data/{collection}/

  • GET: Get records from a specific collection.
  • POST: Insert a new record into a specific collection.
  • DELETE: Delete all records from a specific collection.

storage/collections/data/{collection}/{id}

  • GET: Get records in a collection by key ID.
  • POST: Update records a collection by key ID.
  • DELETE: Delete a record in a collection by key ID.

storage/collections/data/{collection}/batch_save

  • POST: Run one or more save (insert and replace) operations in a specific collection

For the complete KV Store REST API reference, see KV store endpoint descriptions and KV store endpoint examples in the REST API Reference Manual.


Examples

The following examples show how to work with the "kvstorecoll" collection of the "kvstoretest" app using the KV Store REST endpoints, with "admin:changeme" as the username:password, and "nobody/kvstoretest" as the user/app context.

    Note  The REST API can access and update any data that belongs to the user ("username") or is shared ("nobody"). Lookups in the search language can access and update shared data only. Lookups cannot access or update user-specific data.

Get a list of collections for the "kvstoretest" app:

curl -k -u admin:changeme \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/config

Create a new collection called "kvstorecoll" in the "kvstoretest" app:

curl -k -u admin:changeme \
    -d name=kvstorecoll \
     https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/config

Define the collection schema:

curl -k -u admin:changeme \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/config/kvstorecoll \
    -d 'field.id=number' \
    -d 'field.name=string' \
    -d 'field.address=string' \
    -d 'accelerated_fields.my_accel={"id": 1}'

Add data to the collection, which in this example shows a hierarchical JSON document:

curl -k -u admin:changeme \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll \
    -H 'Content-Type: application/json' \
    -d '{"name": "Splunk HQ", "id": 123, "address": { "street": "250 Brannan Street", "city": "San Francisco", "state": "CA", "zip": "94107"}}'

Get all data from the collection:

curl -k -u admin:changeme \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll

Get records 10-19 from the collection and sort by name:

curl -k -u admin:changeme \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll?sort=name&skip=10&limit=10

Get records where values in the "id" field are greater than 24, using the URL-encoded query "{"id": {"$gt": 24}}":

curl -k -u admin:changeme \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll?query=%7B%22id%22%3A%7B%22%24gt%22%3A24%7D%7D

Get the record for the key ID " 5410be5441ba15298e4624d1":

curl -k -u admin:changeme \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll/5410be5441ba15298e4624d1

Update the record for the key ID "5410be5441ba15298e4624d1":

    Note  This command replaces all previous values in this record. In this example, only the "name" field is provided, and any values that previously existed in this record will be replaced with an empty string.
curl -k -u admin:changeme \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll/5410be5441ba15298e4624d1 \
    -H 'Content-Type: application/json' \
    -d '{"name": "new_name"}'

Delete the record with the key ID " 5410be5441ba15298e4624d1":

curl -k -u admin:changeme -X DELETE \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll/5410be5441ba15298e4624d1

Delete all records in the "kvstorecoll" collection:

curl -k -u admin:changeme -X DELETE \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll

Run multiple save operations:

curl -k -u admin:changeme \
    https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll/batch_save \
    -H 'Content-Type: application/json' \
    -d '[{"name": "Splunk Sweden"}, {"name": "Splunk Singapore"}]'