How to export "Splunk App for Stream" streams and forwarder groups configurations?

cameronjust

Hi All,

Due to security requirements we cannot have a single Streams App "Deployer" which all Streams Agents phone home to:

[streamfwd://streamfwd]
splunk_stream_app_location = https://192.168.64.60:8000/en-us/custom/splunk_app_stream/
disabled = 0

In order to work around this network/security limitation we've had to install the Stream App on HFs in multiple network zones.

Question: To save us having to manually enter all the custom Streams and Forwarder Groups can we export from one instance and import to another?

From what I can tell they are in a kvstore, based on the contents of this file:

cat /opt/splunk/etc/apps/splunk_app_stream/default/collections.conf
#
# Splunk app KV Store collection file
#

[streams]

[miscellaneous]

[streamforwardergroups]

[fileservermountpoints]

[fileservermountpointsTEST]

[configurations]

[vocabularies]

[netflow_ipfix_apps_info]

Is it just a matter of exporting one or all of these collections?

# Export
/opt/splunk/bin/splunk backup kvstore -archiveName streams-streams-backup -collectionName streams -appName splunk_app_stream

and

/opt/splunk/bin/splunk backup kvstore -archiveName streams-forwardergroups-backup -collectionName streamforwardergroups -appName splunk_app_stream

# Then collect these backups from /opt/splunk/var/lib/splunk/kvstorebackup, copy across to the other "Stream Deployer", then reimport with

/opt/splunk/bin/splunk restore kvstore -archiveName streams-streams-backup -collectionName streams -appName splunk_app_stream

and

/opt/splunk/bin/splunk restore kvstore -archiveName streams-forwardergroups-backup -collectionName streamforwardergroups -appName splunk_app_stream

Ref: https://docs.splunk.com/Documentation/Splunk/9.0.4/Admin/BackupKVstore

Is there a better way or is this our only option?

0 Karma
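
The backup, copy and restore procedure from the post, wrapped so that the destination instance restores only archives whose SHA-256 matches a manifest written on the source (an added example, not part of the original post and not Splunk's own tooling). The `stream-<collection>-backup` archive names, the manifest file name and the function names are assumptions made here; the script also assumes GNU `sha256sum` and an already authenticated Splunk CLI session.

```shell
#!/bin/sh
# Added example: hash-checked export/import of the two Stream collections.
# Paths, app and collection names are from the post; the archive and manifest
# names and all function names are made up for this sketch.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_BIN="${SPLUNK_BIN:-$SPLUNK_HOME/bin/splunk}"
BACKUP_DIR="${BACKUP_DIR:-$SPLUNK_HOME/var/lib/splunk/kvstorebackup}"
APP="splunk_app_stream"
COLLECTIONS="streams streamforwardergroups"
MANIFEST="stream-kvstore.sha256"

# Source instance: start one backup per collection.
export_collections() {
    for c in $COLLECTIONS; do
        "$SPLUNK_BIN" backup kvstore -archiveName "stream-$c-backup" \
            -collectionName "$c" -appName "$APP" || return 1
    done
}

# Source instance, once the backups have finished: hash every archive file.
# The glob avoids assuming the archive file extension.
write_manifest() {
    ( cd "$BACKUP_DIR" && sha256sum stream-*-backup* > "$MANIFEST" )
}

# Destination instance: non-zero if an archive is unlisted, missing or altered.
verify_manifest() {
    for c in $COLLECTIONS; do
        grep -q "stream-$c-backup" "$BACKUP_DIR/$MANIFEST" || return 1
    done
    ( cd "$BACKUP_DIR" && sha256sum -c --quiet "$MANIFEST" )
}

# Destination instance: restore only after every archive matches the manifest.
import_collections() {
    verify_manifest || { echo "hash mismatch, nothing restored" >&2; return 1; }
    for c in $COLLECTIONS; do
        "$SPLUNK_BIN" restore kvstore -archiveName "stream-$c-backup" \
            -collectionName "$c" -appName "$APP" || return 1
    done
}

case "${1:-}" in
    export)   export_collections ;;
    manifest) write_manifest ;;
    import)   import_collections ;;
esac
```

A manifest copied alongside the archives only catches corruption in transit; to detect tampering between zones, move the manifest over a separate channel or sign it.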