Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

KV Store on Heavy Forwarder

rajrsplunk
Explorer
‎07-27-2018 03:25 PM

EDITED:
I am building a TA. I have installed it on my Heavy Forwarder, it writes events to the Indexer.
The TA uses custom python code to extract the data from APIs (http GET calls to my webservice).
I'm using the KVStore to store state of the TA, I need to remember what was the last time I performed the query (updatedAt based polling).

From my understanding it uses the KVStore on the Heavy forwarder (I disabled it and saw the errors).

Which KVStore should the TA use? how does it work in a distributed environment?

Tags (1)
0 Karma
Reply

DalJeanis
Legend
‎07-28-2018 08:28 PM

Okay, so you are building a TA (that's important information, not just "I have a TA Installed").

You are extracting data from APIs (which APIs? - that's important information.)

You are using the KVStore on the HF to store the state of the TA. (Why does the TA have a state? - that's important information.)

You disabled the KVStore on the HF. Why?

It seems like you probably need to join the Slack channel, and chat with the experienced folks down in the #appdevs subchannel (there are dozens of them that hang out there) about your use case.

Once you've gotten the big picture nailed down, you can either take the answer you found, post it as a comment to this answer, and accept this answer -- or you can ask one of the old hands to come post a clear, concise new answer as an explanation of your best approach, so you can accept that one.

Reply

rajrsplunk
Explorer
‎07-29-2018 05:09 AM

Thank you for your response, I've edited the question. Since I'm relatively new to Splunk some of the questions are indeed lacking in information.

As edited, I'm extracting data from my application REST APIs (JSON format), I store the state to keep some data available for lookups, and also for remembering last checkpoint.

I disabled it as part of my experiments trying to understand how the KV works in a distributed environment.

I'll try the slack channel as well..

0 Karma
Reply

woodcock
Esteemed Legend
‎07-27-2018 04:34 PM

You are not even going to tell us the name of the TA or tell us where you got it?

0 Karma
Reply

rajrsplunk
Explorer
‎07-28-2018 07:39 AM

Hey! it's a TA I'm currently developing and testing on Splunk distributed architecture.

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...