Monitoring Splunk

TrackMe: How to add sourcetypes programatically to AllowList/Block list?

GOB_Bluth
Explorer

I would like the results of a search to populate the allow/block lists in TrackeMe. The lookup file requires a unique key.

Any tips on how to generate that at search time?

Labels (1)
0 Karma

gjanders
SplunkTrust
SplunkTrust

Are you referring to _key?
That's autogenerated for kvstore entries. You don't need to manually generate it 

0 Karma
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...