Splunk SDK for Python: What is the best way to update a KV Store and add potential records if there is no key match?

goodsellt
Contributor

Hello!

I'm looking into using the Python SDK's KV store module to do some updating of a KV store. I've noticed that the insert & update functions are separate, leading me to ask this: How should I best go about updating a KV store and adding any potential records if there is no key match? Does the 'update' function create a new record if a key does not match, or would it return some kind of ValueError or something similar I can do a try/except loop for?

Also, are there any examples or guides out there for this functionality (apart from the reference manual which I've found)? I'd just like to see it in action so I can verify some other questions I had, such as should my "data" document string be the same JSON as I would put in the REST POST method?

Thanks!

0 Karma
1 Solution

goodsellt
Contributor

Old answer incorrect, here is corrected version:

If the record/key does not appear when you do a .data.update, the REST endpoint will return an HTTP 404 -- Object not found error.

What I've done to solve this problem is catch that exception inside of my Python script, and then have an alternative version of the object sent (with the _key in the document instead of an argument to the call) using .data.insert.

You're also able to use .data.batch_save with a properly parsed list of JSON documents, which invalidates the need for the above.

0 Karma
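
The update-then-insert fallback and the batch_save alternative from the accepted answer, as an added example that is not part of the original thread. `data` stands for a collection's `.data` object from the SDK; `upsert`, `upsert_many` and the in-memory `FakeData` stand-in (which mimics the 404 behaviour the answer describes) are hypothetical names constructed for illustration.

```python
import json

try:
    from splunklib.binding import HTTPError      # SDK exception; carries .status
except ImportError:                              # stand-in so the sketch runs without the SDK
    class HTTPError(Exception):
        status = None

def upsert(data, key, fields):
    """Update record `key`; on HTTP 404 insert it with _key inside the document."""
    try:
        data.update(key, json.dumps(fields))     # key passed as an argument
        return "updated"
    except HTTPError as err:
        if err.status != 404:                    # 401/403/5xx are real failures, not "missing record"
            raise
    data.insert(json.dumps({"_key": key, **fields}))
    return "inserted"

def upsert_many(data, docs):
    """Alternative from the answer: batch_save takes documents that each carry _key."""
    data.batch_save(*docs)

class _FakeError(HTTPError):                     # constructed error carrying only a status code
    def __init__(self, status):
        Exception.__init__(self, f"HTTP {status}")
        self.status = status

class FakeData:
    """Constructed in-memory stand-in for a collection's .data object."""
    def __init__(self, fail_with=None):
        self.rows, self.fail_with = {}, fail_with

    def update(self, key, body):
        if self.fail_with:
            raise _FakeError(self.fail_with)
        if key not in self.rows:
            raise _FakeError(404)                # behaviour described in the answer
        self.rows[key] = {"_key": key, **json.loads(body)}

    def insert(self, body):
        doc = json.loads(body)
        self.rows[doc["_key"]] = doc

    def batch_save(self, *docs):
        for doc in docs:
            self.rows[doc["_key"]] = dict(doc)
```
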

goodsellt
Contributor

I've found the update function will automatically upsert as long as I'm passing a key to it.

0 Karma

goodsellt
Contributor

This answer is incorrect. My testing was not valid.

0 Karma

organus
Explorer

This wouldn't work for me.

0 Karma