Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can we delete particular data from KVStore using REST API/ CURL without using _key?

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎04-19-2020 10:33 PM

Here, the requirement is to delete all the data from KVStore having the particular KVStore filed value.

Example: I have a KVStore for student data with Name, Std, roll_number.

In my KVStore, I have all the student information across all the standards.

So my use cases re,

  1. If I want to delete all the records of 10th standard's students then how can I do using REST API
  2. If I want to delete all the records of 5th to 10th standard's students then how can I do using REST API.

You can create as many use cases as you think. 🙂

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎04-19-2020 10:35 PM

By using below options, you can delete all the records from specific collection OR delete specific records from specific collection using _key ID. Let's see all the ways of deleting records using CURL.

1) Delete all records in the "kvstorecoll" collection:

curl -k -u admin:yourpassword -X DELETE https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll

2) Delete the record with the key ID " 5410be5441ba15298e4624d1":

curl -k -u admin:yourpassword -X DELETE https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll/5410be5441...

You can find the above curl commands in https://dev.splunk.com/enterprise/docs/developapps/kvstore/ documentation.

As per our requirement, we need to delete specific records.

For deleting specific records, we have to use query parameters in our REST/CURL.

3) Delete the records with the Standard value 10

curl -k -u admin:admin123 https://localhost:8089/servicesNS/nobody/test/storage/collections/data/kvstorecoll\?query\=\{\"std\"... -g -X DELETE

4) Delete the records with the Standard value from 5 to 10

curl -k -u admin:admin123 https://localhost:8089/servicesNS/nobody/test/storage/collections/data/kvstorecoll\?query\=\{\"\$and\":\[\{\"std\":\{\"\$gt\":4\}\},\{\"id\":\{\"$lt\":11\}\}\]\} -g -X DELETE

Note: In case, any REST/CURL not working as expected then make sure your query parameter value which should be encoded with the % encoding.

My 4th example doesn't work properly for me for a few cases. So converted it into % encoding and It works like charm.

Updated 4) 

curl -k -u admin:admin123 https://localhost:8089/servicesNS/nobody/test/storage/collections/data/kvstorecoll\?query=%7B%20%22%... -g -X DELETE

You can find more about the query parameters and operators in the below docs.

https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTkvstore

Happy Splunking

View solution in original post

Reply
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎04-19-2020 10:35 PM

By using below options, you can delete all the records from specific collection OR delete specific records from specific collection using _key ID. Let's see all the ways of deleting records using CURL.

1) Delete all records in the "kvstorecoll" collection:

curl -k -u admin:yourpassword -X DELETE https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll

2) Delete the record with the key ID " 5410be5441ba15298e4624d1":

curl -k -u admin:yourpassword -X DELETE https://localhost:8089/servicesNS/nobody/kvstoretest/storage/collections/data/kvstorecoll/5410be5441...

You can find the above curl commands in https://dev.splunk.com/enterprise/docs/developapps/kvstore/ documentation.

As per our requirement, we need to delete specific records.

For deleting specific records, we have to use query parameters in our REST/CURL.

3) Delete the records with the Standard value 10

curl -k -u admin:admin123 https://localhost:8089/servicesNS/nobody/test/storage/collections/data/kvstorecoll\?query\=\{\"std\"... -g -X DELETE

4) Delete the records with the Standard value from 5 to 10

curl -k -u admin:admin123 https://localhost:8089/servicesNS/nobody/test/storage/collections/data/kvstorecoll\?query\=\{\"\$and\":\[\{\"std\":\{\"\$gt\":4\}\},\{\"id\":\{\"$lt\":11\}\}\]\} -g -X DELETE

Note: In case, any REST/CURL not working as expected then make sure your query parameter value which should be encoded with the % encoding.

My 4th example doesn't work properly for me for a few cases. So converted it into % encoding and It works like charm.

Updated 4) 

curl -k -u admin:admin123 https://localhost:8089/servicesNS/nobody/test/storage/collections/data/kvstorecoll\?query=%7B%20%22%... -g -X DELETE

You can find more about the query parameters and operators in the below docs.

https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTkvstore

Happy Splunking

Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎04-20-2020 04:27 AM

There are a couple of apps out there that give you a curl SPL command too... you could in theory do this from splunk search.

0 Karma
Reply
Get Updates on the Splunk Community!

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...