Splunk Enterprise

is there a way to get the data in json format into the KV Store in one go using API endpoint?

super_saiyan
Communicator
is there a way to get the data in json format into the KV Store in one go  using "storage/collections/data/{collection}/" API endpoint?
 
10000 lines of events in one go ?
Labels (3)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

You can set multiple key/value pairs in one call. See the https://docs.splunk.com/Documentation/Splunk/8.2.6/RESTREF/RESTkvstore#storage.2Fcollections.2Fdata....

You're of course limited by the REST API request limits (I'm not sure how big they are).

And I'm not sure why you're refering to KV-store as "events". Events are one thing and you post them to other endpoints (like /services/collector/event), KV Store is another thing.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...