Version: 1.0.0


The collections saving the state of the REStream Add-on for Splunk are backed up to backup collections using saved searches. The relevant collections are:

  • restream_discovery_inventory
  • restream_discovery_results
  • restream_replay_results

The relevant saved searches are:

  • Backup Gen - backup_restream_discovery_inventory
  • Backup Gen - backup_restream_discovery_results
  • Backup Gen - backup_restream_replay_results

The saved searches are scheduled to run daily at 06:00 and keep a history of the last five backups.