The KV Store stores your data as key-value pairs in collections. Here are the main concepts:
- Collections are the containers for your data, similar to a database table. Collections exist within the context of a given app.
- Records contain each entry of your data, similar to a row in a database table.
- _key is a reserved field that contains the unique ID for each record. If you don't explicitly specify the _key value, the app auto-generates one.
- _user is a reserved field that contains the user ID for each record. This field cannot be overridden.
- Accelerations improve search performance by making searches that contain accelerated fields return faster. Accelerations store a small portion of the collection's data set in an easy-to-traverse form.
For example, let's say you want to save information about transactions in the KV Store, such as the transaction ID, the status, the name of the user assigned to it currently, and a memo. You could create a collection called "transactions_collection", with fields called "transaction_id", "transaction_status", "transaction_owner", and "transaction_memo". Each transaction you add to the collection corresponds to a record.
To add KV Store functionality to an app:
- Create a collection and optionally define a list of fields with data types using configuration files or the REST API.
- Perform Create-Read-Update-Delete (CRUD) operations using search lookup commands and the Splunk REST API.
- Manage collections using the REST API.