create_kvstore_collection
Create a KV Store collection in Splunk for storing lookup data or configuration with customizable fields and indexing options.
Instructions
Create a KV Store collection with optional fields and indexing. Use this to provision a new collection for lookups or persisted configuration in a specific app.
Args: app (str): Target Splunk application where the collection will be created. Examples: - 'search': Default search app - 'my_app': Custom application - 'splunk_monitoring_console': Monitoring console app collection (str): Name for the new collection (alphanumeric and underscores only). Examples: - 'users': User information store - 'configurations': Application settings - 'lookup_table': Data enrichment table fields (list[dict], optional): Field definitions specifying data types and constraints accelerated_fields (dict, optional): Index definitions for faster queries replicated (bool, optional): Whether to replicate across cluster (default: True) create_lookup_definition (bool, optional): Also create a transforms.conf lookup definition (default: False)
Outputs: created collection with name, fields, accelerated_fields, replicated. Security: creation is constrained by app-level permissions.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| app | Yes | ||
| collection | Yes | ||
| fields | No | ||
| accelerated_fields | No | ||
| replicated | No | ||
| create_lookup_definition | No |