Solved: How do we define collections.conf in SplunkCloud?

morethanyell · ‎07-30-2019

Creating Lookup Definition (transforms stanza) can be done on Splunk Web UI. But since we need to point a kv definition to a collections.conf, we must have that stanza in collections.conf. How do we define collections.conf in SplunkCloud? Thanks in advance.

woodcock · ‎07-30-2019

You have to either deploy an app that is cloud vetted which contains one OR to create one just for you, you must open a support case.

View solution in original post

morethanyell · ‎05-20-2020

This problem can be solved if you have Lookup Editor installed in your SplunkCloud search head. In that app, there's a way to configure a new KV Lookup and that includes taking care of collections-conf name.

woodcock · ‎07-30-2019

You have to either deploy an app that is cloud vetted which contains one OR to create one just for you, you must open a support case.

Luispl55 · ‎01-24-2024

Hi Woodcock,

Do you know if this is still the case nowadays (2024)?

thanks.

isoutamo · ‎01-25-2024

Hi

it's more or less same situation. You have those three options:

Use lookup editor app
Create own app which contains those definition and install it. In Victoria experience you can do it by your self
On Classic edition you probably still need to create a support case or create cloud vetted private app on splunkbase from where you (probably) could install it by yourself?

I said that the lookup editor app is probably the easiest way to do it unless your are familiar with your own apps and need this otherwise too.

https://splunkbase.splunk.com/app/1724

r. Ismo

morethanyell · ‎07-30-2019

sucks man 😞

How do we define collections.conf in SplunkCloud?

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024