splunk中mongodb作用——存用户相关数据如会话、搜索结果等
2016-12-12 14:05
513 查看
About the app key value store
The app key value store (or KV store) provides a way to save and retrieve data within your Splunk apps, thereby letting you manage and maintain the state of the application.Here are some ways that Splunk apps might use the KV Store:
Tracking workflow in an incident-review system that moves an issue from one user to another.
Keeping a list of environment assets provided by users.
Controlling a job queue.
Managing a UI session by storing the user or application state as the user interacts with the app.
Storing user metadata.
Caching results from search queries by Splunk or an external data store.
Storing checkpoint data for modular inputs.
For information on using the KV store, including how it compares to lookups, see app key value store documentation for Splunk app developers.
How KV store works with your deployment
The KV store stores your data as key-value pairs in collections. Here are the main concepts:Collections are the containers for your data, similar to a database table. Collections exist within the context of a given app.
Records contain each entry of your data, similar to a row in a database table.
Fields correspond to key names, similar to the columns in a database table. Fields contain the values of your data as a JSON file. Although it is not required, you can enforce data types (number, boolean, time, and string) for field values.
_key is a reserved field that contains the unique ID for each record. If you don't explicitly specify the _key value, the app auto-generates one.
_user is a reserved field that contains the user ID for each record. This field cannot be overridden.
Accelerations improve search performance by making searches that contain accelerated fields return faster. Accelerations store a small portion of the collection's data set in an easy-to-traverse form.
The KV store files reside on search heads.
In a search head cluster, if any node receives a write, the KV store delegates the write to the KV store captain. The KV store keeps the reads local, however.
System requirements
KV store is available and supported on all Splunk Enterprise 64-bit builds. It is not available on 32-bit Splunk Enterprise builds. KV store is also not available on universal forwarders. See the Splunk Enterprise system requirements.KV store uses port 8191 by default. See "System requirements and other deployment considerations for search head clusters" in the Distributed Search Manual.
Determine whether your apps use KV store
KV store is enabled by default on Splunk Enterprise 6.2+.Apps that use the KV store typically have collections.conf defined in
$SPLUNK_HOME/etc/apps/<app name>/default. In addition, transforms.conf will have references to the collections with external_type = kvstore
Use the KV store
To use the KV store:1. Create a collection and optionally define a list of fields with data types using configuration files or the REST API.
2. Perform create-read-update-delete (CRUD) operations using search lookup commands and the Splunk REST API.
3. Manage collections using the REST API.
Monitor its effect on your Splunk Enterprise deployment
You can monitor your KV store performance through two views in the distributed management console. One view provides insight across your entire deployment (see "KV store: Deployment" in this manual). The other view gives you information about KV store operations on each search head (see "KV store: Instance").Back up KV store data
Back up and restore your KV store data using the standard backup and restore tools and procedures used by your organization. To back up KV store data, back up all files in the path that is specified in thedbPathparameter of the
[kvstore]stanza in the
server.conffile.
For general information about backup strategies in Splunk Enterprise, see "Choose your backup strategy" in the Managing Indexers and Clusters of Indexers manual.
相关文章推荐
- Google将通过Gmail、Calendar和Google+数据为用户提供个性化搜索结果
- Google最新动态-谷歌为用户买单 搜索结果免费发到手机
- 点石互动--highdiy之:SERP(用户搜索结果页面)中的点击率与SEO
- Google发布社交搜索功能 用户可推荐搜索结果
- oracle数据库增加样例数据 scott用户 与 相关的表
- 艾瑞数据:2010年用户搜索最多的是知识型和娱乐型类容
- 近日探得用C++将二进制数据存储到XML文件的方法,因在研究时,未得到网上其他同仁的帮助(网上搜索了半天没有相关资料,只有DOTNET的),在这里不敢独享,给别的同仁在搜索时能够搜索到相关资料,也算是绵薄之力! )
- 分布式搜索elasticsearch java API 之(七)------与MongoDB同步数据
- 百度岳国峰首次披露移动搜索相关数据
- 站内搜索结果的用户体验优化
- 谷歌加密用户搜索数据 意欲何为?
- 日前有消息称,微软已经同意收购语义搜索引擎Powerset,收购价格将略高于1亿美元.微软将于下月发布正式声明.Powerset公司位于旧金山,其搜索引擎技术能够理解用户输入的短语的真实含义,并在这种理解的基础上返回搜索结果.
- 各大搜索引擎的Java相关搜索能力数据对比
- Google悄悄跟踪用户点击:有可能根据搜索结果点击率改善排名 http://www.chedong.com/blog/archives/000397.html
- intra-mart中取得登陆用户相关信息的数据的方法
- 搜索2.0:利用用户点击记录改善搜索结果
- 谷歌雅虎等搜索结果虚假遍地 用户辨别需谨慎
- Hack in Lucene.Net之为什么无法在搜索时统计分类下相关结果数或者实现Group By效果
- 设计满足用户需求的搜索引擎 类化搜索结果
- 谷歌搜索结果页面改版相关搜索给予更大位置