The App Key Value Store
The App Key Value Store (KV Store) is new in Splunk 6.2. Think of it as a set of lookups that are stored in memory. The actual storage is handled by a Mongo database that is run by the Splunk process. The KV Store is very useful for storing state data and fills a gap that existed in earlier versions of Splunk. State data is data that defines the current condition of something. For example, we might want to know the most recent memory and CPU usage for a system. You could write this data to a typical lookup file, but by using the KV Store, you gain the ability to interface with the store from within your App. The KV Store has a complete REST interface for performing CRUD (short for create, read, update, and delete) operations, making it invaluable and extremely flexible. You can also perform these CRUD operations directly from the Splunk search language, much like a typical lookup.
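The REST CRUD operations described above, as an added example (not code from the original text or from Splunk), using the host memory/CPU state case. The management URL, the app name my_app, the collection name host_state, the field names and the sample record are assumptions, and the collection is assumed to be already defined in the app's collections.conf.

```python
import json
import ssl
import urllib.request
from urllib.parse import quote

# Assumed for illustration: splunkd management URL, app and collection names.
BASE = "https://localhost:8089"
APP, COLLECTION = "my_app", "host_state"
METHODS = {"create": "POST", "read": "GET", "update": "POST", "delete": "DELETE"}

def kv_request(op, session_key, key=None, record=None):
    """Build the REST request for one CRUD operation on the collection."""
    method = METHODS[op]  # KeyError on an unknown operation
    if op in ("update", "delete") and not key:
        raise ValueError(f"{op} needs the record's _key")
    # "nobody" as owner makes the records app-level rather than per-user.
    url = (f"{BASE}/servicesNS/nobody/{quote(APP, safe='')}"
           f"/storage/collections/data/{quote(COLLECTION, safe='')}")
    if key and op != "create":
        # Percent-encode the key so a value like "../x" stays one path segment.
        url += "/" + quote(key, safe="")
    body = json.dumps(record).encode() if op in ("create", "update") else None
    req = urllib.request.Request(url, data=body, method=method)
    req.add_header("Authorization", f"Splunk {session_key}")
    if body is not None:
        req.add_header("Content-Type", "application/json")
    return req

def send(req, ca_file):
    """Send a request, verifying splunkd's certificate against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        text = resp.read().decode()
        return json.loads(text) if text else None

if __name__ == "__main__":
    # Constructed sample record: the host name is the _key, so each host
    # has exactly one row holding its most recent readings.
    state = {"_key": "web01", "cpu_pct": 41.5, "mem_pct": 63.0}
    plan = [("create", None, state), ("read", "web01", None),
            ("update", "web01", dict(state, cpu_pct=12.0)),
            ("delete", "web01", None)]
    for op, key, rec in plan:
        r = kv_request(op, "SESSION_KEY_PLACEHOLDER", key=key, record=rec)
        print(f"{op:6} {r.get_method():6} {r.full_url}")
```

Running the script only prints the four requests; pass each one to send() with the CA file for your splunkd certificate to execute it against a real instance.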
When would you use the KV Store?
Well, there are quite a few instances where...