Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do we define collections.conf in SplunkCloud?

morethanyell
Builder
‎07-30-2019 08:58 PM

Creating Lookup Definition (transforms stanza) can be done on Splunk Web UI. But since we need to point a kv definition to a collections.conf, we must have that stanza in collections.conf. How do we define collections.conf in SplunkCloud? Thanks in advance.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎07-30-2019 09:17 PM

You have to either deploy an app that is cloud vetted which contains one OR to create one just for you, you must open a support case.

View solution in original post

Reply
Solved! Jump to solution

morethanyell
Builder
‎05-20-2020 05:15 AM

This problem can be solved if you have Lookup Editor installed in your SplunkCloud search head. In that app, there's a way to configure a new KV Lookup and that includes taking care of collections-conf name.

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎07-30-2019 09:17 PM

You have to either deploy an app that is cloud vetted which contains one OR to create one just for you, you must open a support case.

Reply
Solved! Jump to solution

Luispl55
New Member
‎01-24-2024 02:08 PM

Hi Woodcock,

Do you know if this is still the case nowadays (2024)?

thanks.

 

 

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎01-25-2024 01:43 AM

Hi

it's more or less same situation. You have those three options:

  1. Use lookup editor app
  2. Create own app which contains those definition and install it. In Victoria experience you can do it by your self
  3. On Classic edition you probably still need to create a support case or create cloud vetted private app on splunkbase from where you (probably) could install it by yourself?

I said that the lookup editor app is probably the easiest way to do it unless your are familiar with your own apps and need this otherwise too.

https://splunkbase.splunk.com/app/1724

r. Ismo

0 Karma
Reply
Solved! Jump to solution

morethanyell
Builder
‎07-30-2019 09:18 PM

sucks man 😞

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...