Knowledge Management

How to create multiple new custom data source categories on Splunk Security Essentials?

julio-luz
Engager

Hello

I would like to create multiple new custom data source categories to use them in a Partner Integration app on Splunk Security Essentials.

I already read this documentation, then I was able to create a single new custom data source category. However, when trying to create multiple custom data source categories by changing the "company_name" of other security contents, there were no updates to the existing data source categories. Therefore, they were not created and only the first data source category that I had created continued to appear.

Finally, I noticed the following snippet in the SSE documentation in the "Populating Data Inventory" section: "[...] it will take any detections that have a create_data_inventory=true configuration. For the first piece of content that it finds, it will add a new item to data_inventory output [...]". And then I was in doubt if the app is really programmed to create only a new data source category informed, not creating the others, after having created the first.

 

So I have the following questions:
1. Is it possible to create multiple new custom data source categories?
2. How could I create them?

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more with ITSI’s ...

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more! Faster Time to ValueManaging and ...

New Release | Splunk Enterprise 9.3

Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...