How to create multiple new custom data source cate...

Knowledge Management

Hello

I would like to create multiple new custom data source categories to use them in a Partner Integration app on Splunk Security Essentials.

I already read this documentation, then I was able to create a single new custom data source category. However, when trying to create multiple custom data source categories by changing the "company_name" of other security contents, there were no updates to the existing data source categories. Therefore, they were not created and only the first data source category that I had created continued to appear.

Finally, I noticed the following snippet in the SSE documentation in the "Populating Data Inventory" section: "[...] it will take any detections that have a create_data_inventory=true configuration. For the first piece of content that it finds, it will add a new item to data_inventory output [...]". And then I was in doubt if the app is really programmed to create only a new data source category informed, not creating the others, after having created the first.

So I have the following questions:
1. Is it possible to create multiple new custom data source categories?
2. How could I create them?

Get Updates on the Splunk Community!

How to create multiple new custom data source categories on Splunk Security Essentials?

Celebrating the Winners of the ‘Splunk Build-a-thon’ Hackathon!

Why You Should Register for Splunk University at .conf25

Building Splunk proficiency is a marathon, not a sprint

Are you a member of the Splunk Community?

How to create multiple new custom data source categories on Splunk Security Essentials?

Celebrating the Winners of the ‘Splunk Build-a-thon’ Hackathon!

Why You Should Register for Splunk University at .conf25

Building Splunk proficiency is a marathon, not a sprint