Data & KV Store • Room 2

KV Store Collections

The KV Store is Splunk's built-in NoSQL database. Developers use it to store and retrieve structured data that doesn't belong in the index (e.g., user preferences, lookup tables, state tracking).

Collections are defined in `collections.conf`, their schema in `transforms.conf`, and CRUD operations are performed via the REST API or `| inputlookup` / `| outputlookup` SPL commands.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

Drag items to their correct zone (or tap item then tap zone on mobile)

Defines the KV Store collection name

Defines the field names and types for the collection

Reads data from the KV Store in SPL

Writes search results into the KV Store

collections.conf

transforms.conf

| inputlookup

| outputlookup