Creating and CRUDing a KV Store in Splunk: Part 1

In this tutorial, we’re going to cover how to create a KV Store both through the Splunk user interface and by modifying collections.conf and transforms.conf. KV Stores in Splunk are nothing more than MongoDB databases, so they allow us to easily apply CRUD (Create / Read / Update / Delete) operations to our data.
